CN116015615A - Memory system security and authentication using asymmetric keys - Google Patents


Info

Publication number
CN116015615A
Authority
CN
China
Prior art keywords
signaling
memory system
memory
key associated
host system
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202211273137.5A
Other languages
Chinese (zh)
Inventor
L. W. Dover (L·W·多弗)
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Micron Technology Inc
Original Assignee
Micron Technology Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Micron Technology Inc

Classifications

    • H ELECTRICITY
    • H04 ELECTRIC COMMUNICATION TECHNIQUE
    • H04L TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H04L9/08 Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0894 Escrow, recovery or storing of secret information, e.g. secret key escrow or cryptographic key storage
    • H04L9/0816 Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0825 Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using asymmetric-key encryption or public key infrastructure [PKI], e.g. key signature or public key certificates
    • H04L9/0861 Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/088 Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
    • H04L9/06 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/14 Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols using a plurality of keys or algorithms

Abstract

The application relates to memory system security and authentication using asymmetric keys. In some examples, the host system and the memory system may be configured to implement techniques for generating and distributing asymmetric keys, which may support evaluating the authenticity of an interfacing system (e.g., system identity) in connection with exchanged signaling, such as access commands, requests, data, or other signaling. Such techniques may include implementing asymmetric encryption security directly in a memory system. For example, a memory system may be configured to be cryptographically identified by a public asymmetric key, and the authenticity of the memory system may be verified by signing a challenge using the memory system's asymmetric private key. Further, the host system may be identified by signing the signaling with its asymmetric private key, and the signature may be verified by the memory system using the host system's asymmetric public key.

Description

Memory system security and authentication using asymmetric keys
Cross reference to
U.S. patent application Ser. No. 17/663,123, entitled "MEMORY SYSTEM SECURITY AND AUTHENTICATION USING ASYMMETRIC KEYS," filed by Dover on May 12, 2022, and U.S. provisional patent application Ser. No. 63/270,798, entitled "MEMORY SYSTEM SECURITY AND AUTHENTICATION USING ASYMMETRIC KEYS," filed by Dover on October 22, 2021, each of which is expressly incorporated herein by reference in its entirety.
Technical Field
The technical field relates to memory system security and authentication using asymmetric keys.
Background
Memory devices are widely used to store information in a variety of electronic devices, such as computers, user devices, wireless communication devices, cameras, digital displays, and the like. Information is stored by programming memory cells within a memory device to various states. For example, a binary memory cell may be programmed to one of two supported states, typically corresponding to a logic 1 or a logic 0. In some examples, a single memory cell may support more than two possible states, any of which may be stored by the memory cell. To access information stored by the memory device, a component may read or sense the state of one or more memory cells within the memory device. To store information, a component may write or program one or more memory cells within a memory device to a corresponding state.
There are various types of memory devices, including magnetic hard disks, random access memory (RAM), read-only memory (ROM), dynamic RAM (DRAM), synchronous dynamic RAM (SDRAM), static RAM (SRAM), ferroelectric RAM (FeRAM), magnetic RAM (MRAM), resistive RAM (RRAM), flash memory, phase change memory (PCM), 3-dimensional cross-point memory (3D cross point), not-or (NOR) and not-and (NAND) memory devices, and the like. The memory device may be volatile or nonvolatile. Unless periodically refreshed by an external power source, volatile memory cells (e.g., DRAM cells) may lose their programmed state over time. Nonvolatile memory cells (e.g., NAND memory cells) can maintain their programmed state for a long period of time even in the absence of an external power source.
Disclosure of Invention
An apparatus is described. The apparatus may include a controller configured to couple with a memory system. The controller may be configured to cause the apparatus to: transmit a public key associated with the apparatus to the memory system, wherein the public key associated with the apparatus is based at least in part on a private key associated with the apparatus; and transmit signaling to the memory system, wherein at least a portion of the signaling is signed by the apparatus based at least in part on the private key associated with the apparatus.
An apparatus is described. The apparatus may include a memory device and a controller coupled with the memory device. The controller may be configured to cause the apparatus to: receive a public key associated with a host system, wherein the public key associated with the host system is based at least in part on a private key associated with the host system; receive signaling from the host system; and determine a response to the signaling based at least in part on attempting to authenticate at least a portion of the signaling, wherein attempting to authenticate the at least a portion of the signaling is based at least in part on the public key associated with the host system.
A non-transitory computer-readable medium is described. The non-transitory computer-readable medium may store code comprising instructions that, when executed by a processor of an electronic device, cause the electronic device to: transmit, by a host system, a public key associated with the host system, wherein the public key is based at least in part on a private key associated with the host system; and transmit, by the host system, signaling to a memory system, wherein at least a portion of the signaling is signed by the host system based at least in part on the private key associated with the host system.
A non-transitory computer-readable medium is described. The non-transitory computer-readable medium may store code comprising instructions that, when executed by a processor of an electronic device, cause the electronic device to: receive, at a memory system, a public key associated with a host system, wherein the public key associated with the host system is based at least in part on a private key associated with the host system; receive signaling from the host system at the memory system; and determine a response to the signaling based at least in part on attempting to authenticate at least a portion of the signaling, wherein attempting to authenticate the at least a portion of the signaling is based at least in part on the public key associated with the host system.
Drawings
FIG. 1 illustrates an example of a system that supports memory system security and authentication using asymmetric keys according to examples disclosed herein.
FIG. 2 illustrates an example of a system that supports memory system security and authentication using asymmetric keys according to examples disclosed herein.
FIG. 3 illustrates an example of a process flow supporting memory system security and authentication using asymmetric keys in accordance with examples disclosed herein.
FIG. 4 shows a block diagram of a host system supporting memory system security and authentication using asymmetric keys, according to an example disclosed herein.
FIG. 5 shows a block diagram of a memory system supporting memory system security and authentication using asymmetric keys, according to an example disclosed herein.
FIGS. 6 and 7 show flowcharts illustrating methods of supporting memory system security and authentication using asymmetric keys according to examples disclosed herein.
Detailed Description
Some computing platforms may involve one or more host systems for communicating (e.g., directly or indirectly) with one or more memory systems. In some examples, maintaining the security or integrity of such computing platforms may rely on authentication of the interconnected systems (e.g., authentication of system identities) to verify that such systems are exchanging signaling, such as access commands, requests, data, and other signaling with authenticity (e.g., between known and verified transmission and reception systems). However, some techniques for maintaining the authenticity of the system identity, including some cryptographic protection techniques, may be susceptible to identifying information or authentication information being stolen, cloned, or otherwise not securely implemented, or may not have been implemented in the context of signaling between the host system and the memory system itself to establish the authenticity of a particular device (e.g., according to unique hardware or device identity).
According to examples disclosed herein, a host system and a memory system may be configured to implement various techniques for generating and distributing asymmetric public keys, which may support evaluating the authenticity of an interfacing system (e.g., system identity, hardware identity) prior to responding to exchanged signaling such as access commands, requests, data, or other signaling (e.g., evaluating whether received signaling is trusted, evaluating whether to perform responsive actions such as access or configuration of the memory system, executing authenticated read commands, or executing authenticated write commands). In some examples, such techniques may include implementing asymmetric cryptographic security functionality directly in a memory system. For example, the memory system may be configured to be cryptographically identified (e.g., by the host system) by a public asymmetric key of the memory system, which may be associated with a unique hardware identity of the memory system, and the authenticity of the memory system may be verified by signing the challenge using the private asymmetric key of the memory system. In some examples, the host system may be identified by signing the command with a private asymmetric key of the host system, which may be associated with a unique hardware identity of the host system, and the signature may be verified by the memory system using a public asymmetric key of the host system. Once established, encrypted signaling (e.g., commands, requests, data) and responses may be facilitated by an asymmetric key or symmetric key, as determined by the configuration of the system (e.g., according to command configuration bits at the host system, the memory system, or both).
By implementing such techniques at the device level or system level for generating and distributing asymmetric device identification information, such as asymmetric public keys, the interfacing hardware device may support higher security (e.g., stronger authenticity verification) than other techniques that do not perform the distribution of encrypted hardware identification information, or techniques where such distribution may be more easily cloned or stolen, such as techniques that distribute symmetric keys in a potentially unsafe manner.
Features of the present disclosure are first described in the context of the systems described with reference to FIGS. 1 and 2. Features of the present disclosure are then described in the context of the process flow with reference to FIG. 3. These and other features of the present disclosure are further illustrated and described in the context of device diagrams and flowcharts relating to memory system security and authentication using asymmetric keys with reference to FIGS. 4 through 7.
Fig. 1 illustrates an example of a system 100 supporting memory system security and authentication using asymmetric keys according to examples disclosed herein. The system 100 includes a host system 105 coupled with a memory system 110.
The memory system 110 can be or include any device or set of devices, where a device or set of devices includes at least one memory array. For example, the memory system 110 may be or include a Universal Flash Storage (UFS) device, an embedded multimedia controller (eMMC) device, a flash device, a Universal Serial Bus (USB) flash device, a Secure Digital (SD) card, a Solid State Drive (SSD), a Hard Disk Drive (HDD), a dual in-line memory module (DIMM), a small outline DIMM (SO-DIMM), or a nonvolatile DIMM (NVDIMM), among other possibilities.
The computing system 100 may be included in a computing device, such as a desktop computer, a laptop computer, a network server, a mobile device, a vehicle (e.g., an airplane, a drone, a train, an automobile, or other means of transportation), an Internet of Things (IoT) enabled device, an embedded computer (e.g., an embedded computer included in a vehicle, an industrial appliance, or a networked commercial device), or any other computing device that includes memory and a processing device.
The system 100 may include a host system 105, which may be coupled with a memory system 110. In some examples, this coupling may include an interface with a host system controller 106, which may be an example of a controller or control component configured to cause host system 105 to perform various operations in accordance with examples as described herein. Host system 105 may include one or more devices or entities (e.g., hardware entities, firmware entities, software entities) or various combinations thereof, and in some cases may include a processor chipset and a software stack executed by the processor chipset. For example, host system 105 may include an application configured to communicate with memory system 110 or devices therein. The processor chipset may include one or more cores, one or more caches (e.g., memory local to or included in host system 105), a memory controller (e.g., an NVDIMM controller), and a storage protocol controller (e.g., a peripheral component interconnect express (PCIe) controller, a Serial Advanced Technology Attachment (SATA) controller). Host system 105 may use memory system 110, for example, to write data to memory system 110 and to read data from memory system 110. Although a single host system 105 and a single memory system 110 are shown in FIG. 1, the host system 105 may be coupled with any number of memory systems 110, and the memory systems 110 may be coupled with any number of host systems 105.
The host system 105 may be coupled with the memory system 110 via at least one physical host interface, which may support various signaling between the host system 105 and the memory system 110. In some cases, the host system 105 and the memory system 110 may be configured to communicate via a physical host interface using an associated protocol (e.g., to exchange or otherwise transfer control, address, data, and other signals between the memory system 110 and the host system 105). Examples of physical host interfaces may include, but are not limited to, SATA interfaces, UFS interfaces, eMMC interfaces, PCIe interfaces, USB interfaces, Fibre Channel interfaces, Small Computer System Interface (SCSI), Serial Attached SCSI (SAS), Double Data Rate (DDR) interfaces, DIMM interfaces (e.g., DDR-enabled DIMM socket interfaces), Open NAND Flash Interface (ONFI), and Low Power Double Data Rate (LPDDR) interfaces. In some examples, one or more such interfaces may be included in or otherwise supported between host system controller 106 of host system 105 and memory system controller 115 of memory system 110. In some examples, the host system 105 may be coupled with the memory system 110 via a respective physical host interface for each memory device 130 included in the memory system 110, or via a respective physical host interface for each type of memory device 130 included in the memory system 110 (e.g., the host system controller 106 may be coupled with the memory system controller 115).
The memory system 110 may include a memory system controller 115 and one or more memory devices 130. The memory device 130 may include one or more memory arrays of any type of memory cells (e.g., non-volatile memory cells, or any combination thereof). Although two memory devices 130-a and 130-b are shown in the example of FIG. 1, memory system 110 may include any number of memory devices 130. Furthermore, if the memory system 110 includes more than one memory device 130, different memory devices 130 within the memory system 110 may include the same or different types of memory cells.
The memory system controller 115 may be coupled and in communication with the host system 105 (e.g., via a physical host interface) and may be an example of a controller or control component configured to cause the memory system 110 to perform various operations in accordance with examples as described herein. The memory system controller 115 may also be coupled and in communication with the memory device 130 to perform operations at the memory device 130, which may be generally referred to as access operations, such as reading data, writing data, erasing data, or refreshing data, among other such operations. In some cases, the memory system controller 115 may receive commands from the host system 105 and communicate with the one or more memory devices 130 to execute such commands (e.g., at a memory array within the one or more memory devices 130). For example, the memory system controller 115 may receive commands or operations from the host system 105 and may convert the commands or operations into instructions or appropriate commands to achieve a desired access to the memory device 130. In some cases, the memory system controller 115 may exchange data with the host system 105 and with the one or more memory devices 130 (e.g., in response to or otherwise associated with commands from the host system 105). For example, the memory system controller 115 may convert a response (e.g., a data packet or other signal) associated with the memory device 130 into a corresponding signal for the host system 105.
The memory system controller 115 may be configured for other operations associated with the memory device 130. For example, the memory system controller 115 may perform or manage operations such as wear leveling operations, garbage collection operations, error control operations such as error detection operations or error correction operations, encryption operations, cache operations, media management operations, background flushing, health monitoring, and address translation between logical addresses (e.g., logical block addresses (LBAs)) associated with commands from the host system 105 and physical addresses (e.g., physical block addresses) associated with memory cells within the memory device 130.
The memory system controller 115 may include hardware, such as one or more integrated circuits or discrete components, buffer memory, or a combination thereof. The hardware may include circuitry with dedicated (e.g., hard coded) logic to perform the operations attributed herein to memory system controller 115. The memory system controller 115 may be or include a microcontroller, dedicated logic circuitry (e.g., a Field Programmable Gate Array (FPGA), an Application Specific Integrated Circuit (ASIC), a Digital Signal Processor (DSP)), or any other suitable processor or processing circuitry.
The memory system controller 115 may also include a local memory 120. In some cases, local memory 120 may include Read Only Memory (ROM) or other memory that may store operating code (e.g., executable instructions) executable by memory system controller 115 to perform the functions attributed herein to memory system controller 115. In some cases, local memory 120 may additionally or alternatively include Static Random Access Memory (SRAM) or other memory used by memory system controller 115 for internal storage or operations, e.g., related to the functions attributed herein to memory system controller 115. Additionally or alternatively, the local memory 120 may act as a cache for the memory system controller 115. For example, if read from or written to memory device 130, the data may be stored in local memory 120, and the data may be available within local memory 120 for subsequent retrieval or manipulation (e.g., updating) by host system 105 according to a cache policy (e.g., with reduced latency relative to memory device 130).
Although the example of the memory system 110 in FIG. 1 has been illustrated as including the memory system controller 115, in some cases, the memory system 110 may not include the memory system controller 115. For example, the memory system 110 may additionally or alternatively rely on an external controller (e.g., implemented by the host system 105) or on one or more local controllers 135, which may be internal to the memory devices 130, respectively, to perform the functions attributed herein to the memory system controller 115. In general, one or more functions attributed herein to the memory system controller 115 may in some cases alternatively be performed by the host system 105, the local controller 135, or any combination thereof. In some cases, the memory device 130 that is at least partially managed by the memory system controller 115 may be referred to as a managed memory device. An example of a managed memory device is a managed NAND (MNAND) device. In some examples, components of the memory system 110 may be implemented in a single semiconductor die, such as in a system-on-chip (SoC) implementation.
The memory device 130 may include one or more arrays of non-volatile memory cells. For example, the memory device 130 may include NAND (e.g., NAND flash) memory, ROM, phase change memory (PCM), self-selecting memory, other chalcogenide-based memory, ferroelectric random access memory (RAM) (FeRAM), magnetic RAM (MRAM), NOR (e.g., NOR flash) memory, spin transfer torque (STT)-MRAM, conductive bridging RAM (CBRAM), resistive random access memory (RRAM), oxide-based RRAM (OxRAM), electrically erasable programmable ROM (EEPROM), or any combination thereof. Additionally or alternatively, the memory device 130 may include one or more arrays of volatile memory cells. For example, the memory device 130 may include RAM memory cells, such as dynamic RAM (DRAM) memory cells and synchronous DRAM (SDRAM) memory cells.
In some examples, the memory devices 130 may include a local controller 135 (e.g., on the same die or within the same package) that may perform operations on one or more memory cells of the respective memory device 130. The local controller 135 may operate in conjunction with the memory system controller 115 or may perform one or more functions attributed herein to the memory system controller 115. For example, as illustrated in FIG. 1, memory device 130-a may include a local controller 135-a and memory device 130-b may include a local controller 135-b.
In some cases, memory device 130 may be or include a NAND device (e.g., a NAND flash device). The memory device 130 may be or include a memory die 160. For example, in some cases, the memory device 130 may be a package including one or more dies 160. In some examples, die 160 may be a piece of electronic grade semiconductor cut from a wafer (e.g., a silicon die cut from a silicon wafer). Each die 160 may include one or more planes 165, and each plane 165 may include a respective set of blocks 170, where each block 170 may include a respective set of pages 175, and each page 175 may include a set of memory cells.
In some cases, the NAND memory device 130 may include memory cells configured to each store one bit of information, which may be referred to as single-level cells (SLCs). Additionally or alternatively, the NAND memory device 130 may include memory cells configured to each store multiple bits of information, which may be referred to as multi-level cells (MLCs) if configured to each store two bits of information, as tri-level cells (TLCs) if configured to each store three bits of information, as quad-level cells (QLCs) if configured to each store four bits of information, or more generally as multi-level memory cells. Multi-level memory cells may provide greater storage density relative to SLC memory cells, but may in some cases involve narrower read or write margins or greater complexity for supporting circuitry.
In some cases, the planes 165 may refer to groups of blocks 170, and in some cases concurrent operations may occur within different planes 165. For example, concurrent operations may be performed on memory cells within different blocks 170, so long as the different blocks 170 are in different planes 165. In some cases, individual blocks 170 may be referred to as physical blocks, and virtual blocks 180 may refer to groups of blocks 170 within which concurrent operations may occur. For example, blocks 170-a, 170-b, 170-c, and 170-d within planes 165-a, 165-b, 165-c, and 165-d, respectively, may be concurrently operated, and blocks 170-a, 170-b, 170-c, and 170-d may be collectively referred to as virtual blocks 180. In some cases, the virtual blocks may include blocks 170 from different memory devices 130 (e.g., blocks in one or more planes including memory device 130-a and memory device 130-b). In some cases, the blocks 170 within a virtual block may have the same block address within their respective planes 165 (e.g., block 170-a may be "block 0" of plane 165-a, block 170-b may be "block 0" of plane 165-b, etc.). In some cases, performing concurrent operations in different planes 165 may be subject to one or more limitations, such as concurrent operations on memory cells within different pages 175 that have the same page address within their respective planes 165 (e.g., related to command decoding, page address decoding circuitry, or other circuitry shared across planes 165).
In some cases, block 170 may include memory cells organized into rows (pages 175) and columns (e.g., strings, not shown). For example, memory cells in the same page 175 may share (e.g., be coupled to) a common word line, and memory cells in the same string may share (e.g., be coupled to) a common digit line (which may alternatively be referred to as a bit line).
For some NAND architectures, memory cells may be read and programmed (e.g., written) at a first level of granularity (e.g., at the page level of granularity), but erased at a second level of granularity (e.g., at the block level of granularity). That is, page 175 may be the smallest unit of memory (e.g., a group of memory cells) that can be programmed or read independently (e.g., concurrently programmed or read as part of a single programming or reading operation), and block 170 may be the smallest unit of memory (e.g., a group of memory cells) that can be erased independently (e.g., concurrently erased as part of a single erasing operation). Furthermore, in some cases, the NAND memory cells may be erased before they can be rewritten with new data. Thus, for example, in some cases, a used page 175 may not be updated until the entire block 170 including the page 175 has been erased.
The system 100 may include any number of non-transitory computer-readable media that support memory system security and authentication using asymmetric keys. For example, the host system 105, memory system controller 115, or memory device 130 (e.g., local controller 135) may include or otherwise have access to one or more non-transitory computer-readable media storing instructions (e.g., firmware) to perform the functions attributed herein to the host system 105, memory system controller 115, or memory device 130. For example, if executed by host system 105 (e.g., by host system controller 106), by memory system controller 115, or by memory device 130 (e.g., by local controller 135), such instructions may cause host system 105, memory system controller 115, or memory device 130 to perform one or more associated functions as described herein.
In some cases, memory system 110 may utilize memory system controller 115 to provide a managed memory system, which may include, for example, one or more memory arrays and associated circuitry in combination with a local (e.g., on-die or in-package) controller (e.g., local controller 135). An example of a managed memory system is a managed NAND (MNAND) system.
According to examples disclosed herein, host system 105 and memory system 110 may be configured to implement various techniques for generating and distributing asymmetric public keys, which may support evaluating the authenticity of host system 105 and memory system 110 (e.g., system identity, hardware identity) prior to responding to exchanged signaling such as access commands, requests, data, or other signaling (e.g., evaluating whether received signaling is trusted, or evaluating whether to perform responsive actions such as accessing or configuring memory system 110 or performing authenticated read or write commands). In some examples, such techniques may include implementing asymmetric cryptographic security functionality directly in the memory system 110. For example, the memory system 110 may be configured to be cryptographically identified by a public asymmetric key, and the authenticity of the memory system 110 may be verified by signing the challenge using the memory system's asymmetric private key. In some examples, the host system 105 may be identified by signing the command with an asymmetric private key of the host system 105, and the signature may be verified by the memory system 110 using an asymmetric public key of the host system 105. Once established, encrypted signaling (e.g., commands, requests, data) and responses may be facilitated by an asymmetric key or symmetric key, as determined by the configuration of the system (e.g., according to command configuration bits at host system 105, memory system 110, or both).
By implementing such techniques at the device level or system level for generating and distributing asymmetric device identification information, such as asymmetric public keys, the host system 105 and the memory system 110 may support greater security (e.g., stronger authenticity verification) than other techniques that do not perform the distribution of encrypted hardware identification information, or techniques where such distribution may be more easily cloned or stolen, such as techniques that distribute symmetric keys in a potentially unsafe manner.
FIG. 2 illustrates an example of a system 200 (e.g., computing platform) supporting memory system security and authentication using asymmetric keys according to examples disclosed herein. System 200 may include host system 105-a and memory system 110-a, which may be examples of the respective systems described with reference to FIG. 1. The host system 105-a and the memory system 110-a may implement various techniques for exchanging public keys to support signaling communications between respective systems having identity authenticity (e.g., signature) and integrity (e.g., encryption), as well as other characteristics that may be based on unique and private encryption identities of the host system 105-a and the memory system 110-a. Host system 105-a may include host system controller 106-a and memory system 110-a may include memory system controller 115-a, and in some examples host system controller 106-a and memory system controller 115-a may be configured to perform one or more of the described operations at host system 105-a and memory system 110-a, respectively. Although the techniques are described with reference to a single host system 105-a and a single memory system 110-a of system 200, the described techniques may be extended to support the implementation of a host system 105 coupled to any number of memory systems 110, or the implementation of a memory system 110 coupled to any number of host systems 105, or the implementation of a network of multiple host systems 105 coupled to multiple memory systems 110.
Host system 105-a may be an example of a system that uses at least a portion of memory system 110-a (e.g., storage 240) for information storage, which may include various operations that support host system 105-a writing information to memory system 110-a or host system 105-a reading information from memory system 110-a, or both. In some examples, host system 105-a may be characterized as "local," which may refer to a relatively direct or proximate physical, electrical, or other communicative coupling. In some other examples, host system 105-a may be characterized as "remote," which may refer to a relatively distant (e.g., non-co-located) communicative coupling that may involve one or more wired, wireless, optical, or other relatively long-range communication links, such as a cloud application or other distributed computing system.
In some examples, host system 105-a may include, may be coupled with, or may be otherwise associated with, one or more host entities 210. Host entity 210 may be implemented as a hardware entity, a firmware entity, or a software entity, and may include various serial, parallel, or hierarchical couplings or logical organizations with or via host system 105-a. In some examples, the host entity 210 may request or otherwise perform signaling with the memory system 110-a via a common controller or interface (e.g., via the host system controller 106-a). In various examples, the host entity 210 may be associated with different functions, different feature sets, different permissions, different storage attributes (e.g., data protection attributes), and other different characteristics.
In some examples, each of the host entities 210 may be associated with a unique identifier (e.g., a secret identifier, a unique device secret, a unique entity secret), which may include or may support the generation of a respective private key of the host entity 210. In some examples, the identifier of the host entity 210 may not itself be private, but may be generated (e.g., by the host system 105-a) based on the identifier of the host entity 210 (e.g., public or private) and the private identifier of the host system 105-a (e.g., private master identifier). Such techniques may support uniquely identifying and authenticating each of the host entities 210 (e.g., separately from other host entities 210) according to examples disclosed herein.
An instance of host system 105-a may be associated with an Original Equipment Manufacturer (OEM) host entity 210-a, an Operating System (OS) vendor host entity 210-b, and an Independent Software Vendor (ISV) host entity 210-c. In some other examples, the host system 105 may include or be otherwise associated with any number of one or more host entities 210, including but not limited to one or more OEM host entities 210, OS vendor host entities 210, ISV host entities 210, or other types of host entities. In some examples, the host entity 210 may be omitted or otherwise not considered separately, in which case a single private key may be implemented by the host system 105-a (and any applicable host entity 210), which may be based on a single or shared unique identifier of the host system 105-a (e.g., a secret identifier, a unique device secret, or a unique host secret associated with the host system 105-a).
In some examples, host system 105-a may be associated with a location (e.g., key store 215) for storing authentication or encryption information (e.g., generated or received keys, certificates). For example, the host system 105-a may use the key store 215 to store one or more private keys or certificates associated with the host system 105-a. In some examples, key store 215 may be part of host system 105-a, such as an implementation of a dedicated storage component of host system 105-a. Additionally or alternatively, one or more components of key store 215 may be located external to host system 105-a, but may be otherwise (e.g., in a secure manner) accessed by host system 105-a. In various examples, key store 215 may include a non-volatile storage location (e.g., for static keys or keys that are maintained for a relatively long time), or a volatile storage location (e.g., for ephemeral keys or keys that are otherwise generated relatively frequently), or both. Although key store 215 is shown as being separate from host system controller 106-a, in some examples key store 215 may be part of or otherwise associated with host system controller 106-a, such as a storage location that also includes firmware of host system 105-a or host system controller 106-a.
In some examples, host system 105-a may include content 220, which may refer to various types of information stored at host system 105-a. In some examples, content 220 may be accessed or otherwise used to support various key generation (e.g., content-based key generation) or other encryption techniques in accordance with examples disclosed herein. For example, the content 220 may include firmware of the host system 105-a, such as boot code (e.g., second level boot code, "L1" boot code), or a Firmware Security Descriptor (FSD), which may be used to establish an operational or encrypted state (e.g., firmware state) of the host system 105-a. In some examples, information associated with the content 220 may be transmitted to the memory system 110-a to support various authentication or encryption techniques (e.g., for the memory system 110-a to generate keys or certificates for operation with the memory system 110-a). Although the content 220 is shown as being separate from the host system controller 106-a, in some examples the content 220 may be part of or otherwise associated with the host system controller 106-a, such as a storage location including firmware of the host system 105-a or the host system controller 106-a.
The memory system 110-a may include a storage device 240, which may refer to one or more instances of local memory 120 or a collective storage capacity of one or more memory devices 130, or various combinations thereof included in or otherwise associated with the memory system 110-a. In some examples, storage 240 may be partitioned or otherwise organized in partitions 245 (e.g., memory ranges, address ranges), which may refer to various subsets or ranges of logical or physical addresses of associated local memory 120 or memory device 130. In some examples, partition 245 may be assigned an initial address range and may be updated by assigning to a different address range, including appending additional new addresses, assigning to a subset of the initial address range (e.g., trimming the range), or assigning to an entirely new address range.
In some examples, partitions 245, or portions thereof, may be assigned or allocated to different functions or attributes, e.g., instances in which one or more partitions 245 are associated with a respective one or more host entities 210, or their respective public or private keys. In example implementations, partition 245-a may be associated with OEM host entity 210-a, partition 245-b may be associated with OS vendor host entity 210-b, and partition 245-c may be associated with ISV host entity 210-c. In some examples, partition 245-d may not be allocated (e.g., not dedicated to a certain purpose or entity, available space), or may be shared among multiple host entities 210, among other examples for allocating partitions 245. In some examples, partitions 245 may be used to implement various hierarchical keying or authentication techniques. For example, each partition 245 or some portion of partitions 245 may be assigned or updated with protection attributes (e.g., enable or disable write protection attributes, enable or disable read protection attributes) that may be associated with various keys, authentications, or encryption specific to a given host entity 210, or in general, with various keys, authentications, or encryption common to host system 105-a, among other examples.
In some examples, the memory system 110-a may be associated with a location (e.g., key store 250) for storing authentication or encryption information (e.g., generated or received keys, certificates). For example, the memory system 110-a may use the key store 250 to store one or more private keys associated with the memory system 110-a, or one or more public keys or certificates generated by the memory system 110-a, or one or more public keys or certificates received from the host system 105-a (or other host systems 105, not shown). In some examples, key store 250 may be part of memory system 110-a, such as an implementation of a dedicated storage component of memory system 110-a. Additionally or alternatively, the key store 250 may be located external to the memory system 110-a, but may be otherwise (e.g., securely) accessed by the memory system 110-a. In various examples, key store 250 may include non-volatile storage locations (e.g., for static keys or keys that are maintained for a relatively long time), or volatile storage locations (e.g., for ephemeral keys or keys that are otherwise generated relatively frequently), or both. Although key store 250 is shown separate from storage 240, in some examples key store 250 may be included in a portion of storage 240 (e.g., in separate or dedicated partition 245). Furthermore, while key store 250 is shown separate from memory system controller 115-a, in some examples key store 250 may be part of or otherwise associated with memory system controller 115-a, such as also including a storage location for firmware of memory system 110-a or memory system controller 115-a (e.g., local memory 120).
In some examples, the memory system 110-a may include a Physical Unclonable Function (PUF) 255 that may support the assignment or generation of an identifier that is unique to the memory system 110-a (e.g., for generating a secret identifier or unique device secret of the memory system 110-a). The PUF 255 may include various components or circuit elements having inherent physical characteristics that are unique to the PUF 255 that may be used to establish the inherent uniqueness of the memory system 110-a. For example, the PUF may include a set of one or more transistors, resistors, capacitors, memory cells (e.g., SRAM cells, which in some cases may be included in the local memory 120 described with reference to FIG. 1), or other circuit elements, or combinations thereof, that when accessed support the generation of a digital signature that is unique to the memory system 110-a. In some examples, a controller of the memory system 110-a (e.g., the memory system controller 115-a) may access or otherwise interact with the PUF 255 to generate one or more private keys for the memory system 110-a, which may then be used to generate a public key for establishing authenticity or encryption between the memory system 110-a and the host system 105-a (e.g., or the host entity 210, as applicable). Although PUF 255 is shown separate from key store 250, in some examples PUF 255 may be included in key store 250 or otherwise interpreted as part of the key store (e.g., part of memory system controller 115-a, part of local memory 120 of memory system 110-a).
In various implementations, the PUF 255 itself or signaling generated by the PUF 255, or both, are not accessible from outside the memory system 110-a. Such inaccessibility may be supported by various implementations that include the PUF 255 and other components involved in the described encryption techniques in a portion of the memory system 110-a where attempts to access such components would be destructive to the components, or where such components or associated signaling are otherwise shielded from destructive or non-destructive probing or snooping techniques. For example, at least the PUF 255 and other components involved in the described encryption techniques (e.g., components involved in processing private keys or unique device secrets, which may include at least a portion of the memory system controller 115-a), if not all components of the memory system 110-a, may be implemented in a contiguous semiconductor chip, such as an SoC implementation.
In some examples, memory system 110-a may include a public key table 260 (e.g., elliptic curve cryptography public key table) that may be configured to store, organize, or distribute public keys, such as public keys received from host system 105-a or public keys generated at memory system 110-a, or both. In some examples (e.g., in implementations in which the host entity 210 is associated with a respective public key transmitted by the host system 105-a), the public key table 260 may maintain the respective public key or a mapping thereof for each of the OEM host entity 210-a, the OS provider host entity 210-b, and the ISV host entity 210-c (e.g., associated with partitions 245-a, 245-b, and 245-c, respectively). Although public key table 260 is shown as being separate from key store 250, in some examples public key table 260 may be included in key store 250 or otherwise interpreted as part of the key store (e.g., part of memory system controller 115-a, part of local memory 120 of memory system 110-a).
In some implementations, the public key table 260 may be associated with a mapping between public keys and device identifiers, partitions 245, or protection attributes (e.g., write protection configuration, read protection configuration) or various combinations thereof, as well as other mappings between keys and associated configurations. For example, the public key table 260 may provide a mapping of a particular public key or symmetric key to one or more host systems 105 (e.g., host system 105-a) or host entities 210 thereof. Such mappings may also include mappings between such keys and one or more partitions 245, or mappings between such keys or partitions 245 and one or more protection attributes, such as whether a partition 245 is configured with read protection, write protection, or both. In some examples, the mapping of public key table 260 may include a mapping of a key, host system 105, or host entity 210 to multiple partitions 245, which may use a common key while each partition 245 has its own protection attributes. In some examples, the public key table may support a key hierarchy that allows a master host system 105 or associated key to assign a partition 245 to another host system 105 or to a host entity 210 or its respective key.
In some examples, memory system 110-a may include a Platform Configuration Register (PCR) 270 that may store or measure software states (e.g., version, update state), such as the state of software running on memory system 110-a, and configuration data used by such software (e.g., to represent platform software states of memory system 110-a). In some examples, the PCR 270 may include information that may be evaluated to determine whether the memory system 110-a has been compromised or may be otherwise untrusted. Although the PCR 270 is shown as being separate from the memory system controller 115-a, in some examples, the PCR 270 may be part of or otherwise associated with the memory system controller 115-a, such as a location (e.g., the local memory 120) associated with firmware for the memory system 110-a or the memory system controller 115-a. Such techniques may support PCR 270 to store or measure the state of such firmware, which may be used to evaluate whether such firmware has been disadvantageously updated (e.g., to evaluate whether memory system 110-a may be authenticated).
In some examples, memory system 110-a may include Replay Protected Memory Block (RPMB) 265, which may be provided as a means to store data in an authenticated and replay protected manner that can only be read and written via successfully authenticated read and write accesses. In some examples, RPMB 265 may include information that may be evaluated to determine whether signaling exchanged with memory system 110-a has been intercepted and rebroadcast, which may indicate whether one or more devices or connections of system 200 are untrusted. While RPMB 265 is shown separate from memory system controller 115-a, in some examples RPMB 265 may be part of or otherwise associated with memory system controller 115-a, such as a storage location (e.g., local memory 120) including firmware for memory system 110-a or memory system controller 115-a. In some examples, RPMB 265 may be associated with a fixed size, a set of fixed addresses, or both.
In some examples, memory system 110-a may include content 280, which may refer to various types of information stored at memory system 110-a. In some examples, content 280 may be accessed or otherwise used to support various key generation (e.g., content-based key generation) or other encryption techniques in accordance with examples disclosed herein. For example, the content 280 may include firmware of the memory system 110-a, such as boot code (e.g., a first level boot code, "L0" boot code, a second level boot code, "L1" boot code, boot code that may be invoked or read by the host system 105-a), or FSD, which may establish an operational or encrypted state of the memory system 110-a. In some examples, information associated with the content 280 may be used by the memory system 110-a to support various authentication or encryption techniques (e.g., to generate credentials that operate with the host system 105-a). Although the content 280 is shown as being separate from the memory system controller 115-a, in some examples the content 280 may be part of or otherwise associated with the memory system controller 115-a, such as a storage location including firmware for the memory system 110-a or the memory system controller 115-a. Further, while the content 280 is shown separate from the storage device 240, in some examples, the content 280 may refer to information included in portions of the storage device 240 (e.g., included in separate or dedicated partitions 245). In some implementations, the content 280 may receive information from or may refer to one or more aspects of the PCR 270.
One or more components of system 200 may be configured to implement asymmetric key distribution to establish authenticated signaling, encrypted signaling, or both between host system 105-a and memory system 110-a (e.g., according to authenticated system identities), which may include implementing cryptographic security functionality directly in memory system 110-a (e.g., utilizing the capabilities of memory system controller 115-a to support various techniques for asymmetric cryptography). In some examples, such techniques may involve passing substantially public device identification information between the host system 105-a and the memory system 110-a that supports device-specific or hardware-specific authentication of the respective system (e.g., without attempting to keep the exchanged information secret, and without exposing private or secret key material of the respective device). In some examples, such asymmetric cryptography may be utilized to derive an equivalent or other symmetric key on each side of the signaling exchange (e.g., at each of the host system 105-a and the memory system 110-a) using a common secret that is not itself communicated between the host system 105-a and the memory system 110-a, which may leverage the efficiency of symmetric key techniques for authenticated or encrypted signaling relative to asymmetric key techniques. In some examples, such techniques may be implemented to establish a virtual authentication channel 205 between the host system 105-a and the memory system 110-a, which may be used to transfer signaling (e.g., encrypted signaling, unencrypted signaling) and associated signatures (e.g., asymmetric signatures such as Elliptic Curve Digital Signature Algorithm (ECDSA) signatures; symmetric signatures such as Hashed Message Authentication Code (HMAC) signatures) between the host system 105-a and the memory system 110-a.
In some examples, system 200 may be configured to support the signing and verification (e.g., authentication) of signaling between host system 105-a and memory system 110-a (e.g., according to signed command signaling, signed request signaling, signed data signaling, or signed response signaling), which may be implemented to authenticate the transmission system of such signaling, or to ensure that signaling has not been altered prior to receipt by the receiving system, or both. According to such techniques, the receiving system may be able to evaluate the received signaling to determine whether the transmitted signaling was transmitted by an unverified or unauthorized transmission system, or whether the transmitted signaling was altered or otherwise compromised. In some examples, such techniques may support one-to-many security arrangements because multiple receiving systems may be able to implement the same public key of a transmission system (e.g., the same public key of an asymmetric key pair) associated with a single private key of the transmission system (e.g., a single private key of an asymmetric key pair).
In some examples for signing and verifying signaling between host system 105-a and memory system 110-a, the signature for a given instance of signaling (e.g., message, command, request, packet, response) may be derived by hashing or otherwise processing the instance of signaling with a function (e.g., a hash function, cryptographic hash algorithm) that receives as input the instance of signaling and a private key associated with the transmission system. The output (e.g., signature, hash digest) of such a function may be recreated using the same function with the same signaling instance and the same private key associated with the transmission system or an associated public key associated with the transmission system (e.g., the public key of an asymmetric key pair). In an example, for a signaling instance associated with a 1 megabyte program operation, the output of the hash function based on the 1 megabyte of data and the private key may be a 256-bit signature or hash digest.
In support of verifying the authenticity of the transmission system, the transmission system may transmit a signaling instance and a corresponding signature that may be received by the receiving system. The receiving system may have received or otherwise generated an associated public key of the transmitting system and, thus, may generate a trial signature based on the received signaling instance and the associated public key of the transmitting system. If the trial signature matches the received signature, the receiving system may determine that the transmission system is authentic (e.g., the instance of signaling is a transmission from a trusted system), and may proceed to process or otherwise perform responsive actions on the instance of signaling received. In some implementations, signature generation may be configured such that the generated signature will be different even when instances of signaling are the same. In such implementations, the signature generation and verification operations may be further based on random numbers, temporary values, or monotonic counters that are known to both the transmitting system and the receiving system.
In some examples, system 200 may be configured to support encryption and decryption processing of signaling between host system 105-a and memory system 110-a (e.g., in accordance with encrypted signatures, encrypted command signaling, encrypted request signaling, encrypted data signaling, or encrypted responses), which may be implemented to ensure that the contents of such signaling are not intercepted and interpreted or otherwise processed (e.g., for maintaining the integrity of the signaling itself). According to such techniques, the transmission system may encrypt signaling instances for transmission using a key known to the transmission system (e.g., a key of a symmetric key pair), and the receiving system may decrypt such received signaling instances using a key known to the receiving system (e.g., a key of the same symmetric key pair), which may be the same as a symmetric key known to the transmission system, or may be otherwise equivalent to or available for such decryption. In some examples, such techniques may support a one-to-one security arrangement because a symmetric key pair may be known only to a single transmitting system and a single receiving system (e.g., when the symmetric key pair is based on a unique identifier for each of the transmitting system and the receiving system). However, some encryption techniques may support arrangements other than one-to-one security arrangements, such as when the symmetric key is based on a unique identifier for more than two systems.
Some implementations of the described techniques may utilize asymmetric cryptography in which a public key associated with host system 105-a may be uploaded to one or more memory systems 110 (e.g., memory system 110-a) without exposing the private key of host system 105-a, which may prevent an adversary from stealing the key and impersonating the real key holder (e.g., impersonating host system 105-a). Such techniques may also allow for public key replacement, which may be different from other techniques, such as those related to RPMB or Replay Protected Monotonic Counters (RPMC). In some examples, such asymmetric cryptography techniques may facilitate the use of Public Key Infrastructure (PKI) techniques in which keys may be verified through a standardized digital certificate chain.
In some implementations, the exchange of public keys may support the generation of symmetric keys at each of the host system 105-a and the memory system 110-a using Diffie-Hellman key exchange or elliptic curve techniques, etc., such that symmetric secrets may be shared between the device and the host without exposing the private keys of the respective systems. In some implementations, an asymmetric Diffie-Hellman key exchange may be performed between the host system 105-a and the memory system 110-a to generate a symmetric key, which is then used to achieve better performance at the host system 105-a or the memory system 110-a for authentication, encryption, or both. Furthermore, ephemeral symmetric keys may be derived using the same algorithm shared by host system 105-a and memory system 110-a to make it more difficult for adversaries to extract or replicate such keys, which may be based on various techniques for duration-initiated or event-initiated generation of ephemeral keys.
In some examples, the exchange of public keys may be associated with the creation of digital certificates, which may include various signaling or other interactions with one or more certificate authorities or registrations, or may involve self-signed certificates or various combinations thereof. For example, the host system 105-a or a cloud authority or other centralized certification authority in communication with the host system 105-a may generate a Certificate Signing Request (CSR), which may be an example of a self-signed certificate that proves that the memory system 110-a has a private key associated with a public key in the CSR. In some examples, such a CSR may be transferred from memory system 110-a to a centralized certification authority as part of a manufacturing operation (e.g., for manufacturing memory system 110-a). In some implementations, in response to the identity of the memory system 110-a being validated (e.g., validated by the cloud institution, vendor authentication), manufacturer-approved credentials may be provided to the host system 105-a, the memory system 110-a, or both. In some examples, such techniques may support a requesting system downloading manufacturer-approved certificates (e.g., certificates approved by a certificate authority) or downloading CSRs.
FIG. 3 illustrates an example of a process flow 300 supporting memory system security and authentication using asymmetric keys according to examples disclosed herein. The operations of process flow 300 may be performed by host system 105-b and memory system 110-b, which may be examples of the respective systems described with reference to fig. 1 and 2. Aspects of process flow 300 may be implemented by one or more controllers (e.g., one or more respective controllers at each of host system 105-b and memory system 110-b), among other components. Additionally or alternatively, aspects of process flow 300 may be implemented as instructions stored in memory (e.g., in memory of host system 105-b and memory system 110-b or respective firmware coupled thereto). For example, the instructions, when executed by a controller, may cause the controller to perform one or more operations of process flow 300.
In some examples, process flow 300 may include the generation of a public key that may be communicated between host system 105-b and memory system 110-b, which may be referred to as an asymmetric key or an asymmetric public key (e.g., a public key of an asymmetric key pair, a public key of a respective private key that each corresponds to an asymmetric key pair). The generation of such public keys may be based on private keys maintained at the respective systems, where such private keys are not shared outside the respective systems. Such techniques may enable host system 105-b and memory system 110-b to sign (e.g., to authenticate a transmitting system) or encrypt (e.g., for information integrity), or both, various transmitted signaling without exchanging private identification information that is unique to each system. Thus, such techniques may promote the ability to communicate with authenticity and integrity as compared to other techniques that do not perform the distribution of encrypted hardware identification information, or that may be more easily cloned or stolen (e.g., techniques that distribute symmetric keys in a potentially insecure manner).
For example, at 305, host system 105-b may generate a host system public key, which may be based at least in part on the host system private key (e.g., calculated using the host system private key). In various examples, the host system private key may be stored at the host system 105-b, or otherwise generated at the host system using a private identifier such as a fuse configuration, an identity stored in non-volatile memory, a PUF of the host system 105-b, or some other unique identifier of the host system 105-b, which may prevent cloning or extraction. In some examples, the host system private key may be generated based on a combination of the unique identifier (e.g., the unique device secret of the host system 105-b) and content stored at the host system 105-a (e.g., in the content 220). In some examples, the host system public key generated at 305 may be associated with a particular address range (e.g., partition 245 or portion thereof) or memory protection attribute (e.g., read protection, write protection), or a combination thereof, at a particular host entity 210 or memory system 110-b. In some examples, such public key attributes may not be associated with the host system public key generated at 305, but may be later associated with one or more symmetric keys generated based at least in part on the host system public key, or may be later assigned by the memory system 110-a.
In some examples (e.g., when host system 105-b and memory system 110-b are configured to support symmetric keys, encryption, or both), memory system 110-b may generate a memory system public key at 310 that may be based at least in part on a memory system private key (e.g., calculated using the memory system private key). In various examples, a memory system private key may be generated at the memory system 110-b using a private identifier such as a fuse configuration, an identity stored in non-volatile memory, the PUF 255, or some other unique identifier of the memory system 110-b, which may prevent cloning or extraction. In some examples, the memory system private key may be generated based on a combination of a unique identifier (e.g., a unique device secret of the memory system 110-b) and content stored at the memory system 110-b (e.g., in the content 280). In some examples, the memory system public key generated at 310 may be associated with a particular address range (e.g., partition 245 or portion thereof) or memory protection attribute (e.g., read protection, write protection) or a combination thereof at memory system 110-b. In some examples, the public key associated with memory system 110-b may be paired with or otherwise linked (e.g., mapped by public key table 260) with the corresponding host system 105 or host system public key (e.g., the host system public key generated at 305). In some examples, such keying attributes may not be associated with the memory system public key generated at 310, but may be later associated with one or more symmetric keys generated based at least in part on the host system public key.
In some examples, process flow 300 may include an exchange of generated public keys between host system 105-b and memory system 110-b. For example, at 315, host system 105-b may transmit the host system public key generated at 305, which may be received by memory system 110-b. In some examples (e.g., when host system 105-b and memory system 110-b are configured to support symmetric keys, encryption, or both), at 320, memory system 110-b may transmit the memory system public key generated at 310, which may be received by host system 105-b. In some examples, the transmitted public key may be stored at the respective receiving system (e.g., in key store 215, in key store 250), such as in a non-volatile store of the respective receiving system or otherwise in communication with the respective receiving system. In some other examples, such transmitted or received public keys may not be stored, but keys generated based on such transmitted or received public keys may be stored after further processing. In some examples, such asymmetric public keys may be updateable, where such updates (e.g., according to one or more operations of 305 or 310) may be initiated based on a timer or event, and such updated or substituted asymmetric public keys that are subsequently generated may thus be transmitted from the generating system to the receiving system.
In some examples, process flow 300 may include generating symmetric keys by host system 105-b and memory system 110-b, which may be calculated based at least in part on the respectively received public keys. Such symmetric keys may be generated to be equal or otherwise equivalent between the two systems (e.g., as a shared secret), or may otherwise allow one system to authenticate information signed by the other system, or to decode information encoded by the other system, or both, while avoiding the transmission of private information. For example, at 325, host system 105-b may generate a symmetric key, which may be based at least in part on the memory system public key transmitted at 320 and the private key of host system 105-b (e.g., calculated using the memory system public key and the private key). Further, at 330, the memory system 110-b may also generate a symmetric key, which may be based at least in part on the host system public key transmitted at 315 and the private key of the memory system 110-b (e.g., calculated using the host system public key and the private key). In some examples, such symmetric keys may be generated using Diffie-Hellman techniques or other exponential key exchange or generation protocols, including elliptic curve techniques. In some examples, the generated symmetric key may be stored at the generating system (e.g., in key store 215, in key store 250), such as in a non-volatile storage of or otherwise in communication with the respective generating system.
While in some examples the symmetric key generated from the maintained private key and the received public key (e.g., the "first" symmetric key) may be implemented directly in the techniques disclosed herein, in some other examples such a symmetric key may be applied as input to further key generation, such as generation of ephemeral keys (e.g., the "second" symmetric key, ephemeral symmetric key). For example, at each of 325 and 330, or some other continuous operation, each of host system 105-b and memory system 110-b may generate a respective ephemeral key, which may be relatively temporary in nature. In some examples, the generation of such ephemeral keys may be duration initiated, such as based on a timer value (e.g., at host system 105-b, at memory system 110-b, or both) that satisfies a threshold. In some examples, the generation of such ephemeral keys may be event initiated, such as when the memory system 110-b or the host system 105-b is powered up (e.g., the ephemeral keys are generated per power cycle), when the memory system 110-b or the host system 105-b is reset, or when the memory system 110-b or the host system 105-b has an error condition. In some examples, either or both of host system 105-b or memory system 110-b may be configured to transmit signaling as a command or request for the other system to initiate generation or replacement of an ephemeral key, which may be associated with the signaling system having performed ephemeral key generation or regeneration, or being triggered or scheduled to perform ephemeral key generation or regeneration, as well as other triggering events. In some examples, the generated ephemeral keys may be stored in volatile storage (e.g., in key storage 250, in key storage 215) at or otherwise in communication with the respective generating system, which may be implemented to avoid fatigue or endurance problems associated with periodic updates of ephemeral keys in some non-volatile storage architectures. However, in some implementations (e.g., where fatigue of the non-volatile memory cells is not a concern), the ephemeral key may be stored in non-volatile storage.
In some examples, the process flow 300 may include a determination to transmit signaling to the memory system 110-b (e.g., determined by the host system 105-b), which may be associated with a command to access the memory system 110-b (e.g., a read command, a write command), or a command or request to reconfigure the memory system 110-b (e.g., a request to modify an operating parameter, a request to enter an operating mode, a request to implement a data protection attribute, a poll for a status or configuration of the memory system 110-b), and other requirements, commands, or other control signaling that may or may not be accompanied by other data (e.g., write data). Such signaling may be signed or encrypted, or both, depending on the described techniques for using asymmetric keys by host system 105-b and memory system 110-b.
In some examples, to support authentication of such signaling, or authentication of a transmitter of such signaling (e.g., for authenticating host system 105-b), host system 105-b may sign signaling, or at least some portion thereof, at 335 based at least in part on a private key associated with host system 105-b (e.g., calculated using the private key). In some examples, such signatures or the configuration of such signatures may be based on the type or nature of the signaling. For example, in some implementations, only certain types of signaling are signed, such as only certain access commands (e.g., signing read commands, signing write commands, signing commands that change protection properties).
In some examples, the signature of 335 may be based at least in part on a symmetric key generated at 325, which may be more secure or more efficient than a signature based on a private key associated with host system 105-b. The determination to sign signaling with such symmetric keys may be based on the configuration (e.g., mode of operation, mode register settings) or indication capability of host system 105-b, or the configuration or indication capability of memory system 110-b, or both. In some examples, an indication of whether the signaling has been signed using a private key associated with host system 105-b or using a symmetric key generated at 325 may be indicated as part of the transmitted signaling, or may have been indicated to memory system 110-b by host system 105-b in an earlier transmission (e.g., an earlier instance of control signaling), or may have been requested by memory system 110-b. In other words, the host system 105-b or the memory system 110-b, or both, may be configured to dynamically sign signaling in accordance with a private key associated with the transmitting device or a generated symmetric key. In some examples, such signatures may be appended to data included in or otherwise accompanying the signaling, which may or may not be encrypted.
In some examples, to support the integrity (e.g., information integrity) of such signaling, at 340, host system 105-b may encrypt the signaling, or at least some portion thereof, based at least in part on the symmetric key generated at 325 (e.g., calculated using the symmetric key). In some examples, such encryption or configuration of such encryption may be based on the type or characteristics of signaling, or associated information. For example, in some implementations, only certain types of signaling are encrypted, such as only certain access commands (e.g., read commands, write commands, data associated with write commands, commands that change protection attributes).
At 345, host system 105-b may transmit signaling, at least a portion of which may have been signed, or encrypted, or both signed and encrypted, and which may be received by memory system 110-b. In some examples, the signaling of 340 may include or be accompanied by a flag or other indication that the signaling has been signed, or encrypted, or both signed and encrypted, such as vendor-specific bits accompanying or otherwise associated with the signaling. Thus, the memory system 110-b may process such an indication to evaluate whether the received signaling of 345 may or should be authenticated, decrypted, or both authenticated and decrypted (e.g., for determining whether to perform operations 350, 355, or both 350 and 355).
For example, at 350, the memory system 110-b may attempt to authenticate the signaling of 345 (e.g., to verify or authenticate the host system 105-b as a transmitter of the signaling, or the host entity 210 associated with the host system 105-b). In various examples, the authentication evaluation at 350 may be based on a configuration or mode of operation associated with authentication using an asymmetric key or using a symmetric key, or both, which may be based on an indication of signaling at 345, or previous signaling from host system 105-b. For example, to support authentication of the signaling or its transmitter, the memory system 110-b may authenticate the signaling or at least some portion thereof based at least in part on (e.g., using) the host system public key received at 315 or based at least in part on the symmetric key generated at 330.
In some examples, at 355, memory system 110-b may attempt to decrypt the signaling of 345. In various examples, decryption at 355 may be based on a configuration or mode of operation of host system 105-b, memory system 110-b, or both, or may be based on an indication of the signaling itself. For example, to support decryption of signaling, the memory system 110-b may decrypt the signaling, or at least some portion thereof, based at least in part on (e.g., using) the symmetric key generated at 330. In some examples, decryption of 355 may be performed only if the signaling is authenticated at 350.
At 360, the memory system 110-b may evaluate whether to perform the operation in response to the signaling of 345. For example, if the authentication of 350 supports the determination that signaling of 345 is transmitted by a trusted system (e.g., by host system 105-b), memory system 110-b may determine to perform a responsive action, such as performing an access of memory system 110-b commanded by signaling of 345, or updating an operating parameter of memory system 110-b commanded or requested by signaling of 345. In some examples, such operations may include performing an access command according to information decrypted at 355 (e.g., write information). Alternatively, if the authentication of 350 does not support a determination that the signaling of 345 is transmitted by the trusted system (e.g., by host system 105-b), then memory system 110-b may determine that responsive operation is not to be performed in accordance with the signaling of 345, where such determination may or may not be signaled back to host system 105-b.
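The following added example (not part of the patent text) walks through operations 305 to 360 of process flow 300 in the symmetric-key signing mode. X25519 stands in for the elliptic curve exchange; the HMAC-SHA-256 derivations, the `epoch` counter fed into the ephemeral key, the flag byte, the command names and the device secrets are assumptions constructed for illustration, and the encryption of 340 and 355 is omitted.

```python
import hashlib
import hmac

# X25519 scalar multiplication (RFC 7748). Pure Python and not constant-time:
# enough to illustrate the exchange, not a substitute for a vetted library.
P = 2**255 - 19
A24 = 121665
BASE_POINT = (9).to_bytes(32, "little")

def x25519(scalar: bytes, u_coord: bytes) -> bytes:
    k = (int.from_bytes(scalar, "little") & ((1 << 255) - 8)) | (1 << 254)
    x1 = int.from_bytes(u_coord, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (k >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b = (x2 + z2) % P, (x2 - z2) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    if swap:
        x2, z2 = x3, z3
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def kdf(key: bytes, label: bytes, data: bytes = b"") -> bytes:
    # HMAC-SHA-256 as the derivation function (an assumption of this example).
    return hmac.new(key, label + data, hashlib.sha256).digest()

class Endpoint:
    """A host system or a memory system in process flow 300."""

    def __init__(self, device_secret: bytes, content: bytes):
        # Private key from a unique device secret plus stored content; never exported.
        self._private = kdf(device_secret, b"identity", hashlib.sha256(content).digest())
        self.public = x25519(self._private, BASE_POINT)      # 305 / 310
        self.symmetric = None    # "first" symmetric key
        self.ephemeral = None    # "second" symmetric key, held in volatile storage

    def receive_public_key(self, peer_public: bytes) -> None:
        """315/320 then 325/330: own private key combined with the peer's public key."""
        shared = x25519(self._private, peer_public)
        if shared == bytes(32):
            raise ValueError("peer public key yields an all-zero shared secret")
        transcript = b"".join(sorted((self.public, peer_public)))
        self.symmetric = kdf(shared, b"first-symmetric-key", transcript)

    def regenerate_ephemeral(self, epoch: int) -> None:
        """Event-initiated regeneration; `epoch` is a hypothetical shared counter."""
        self.ephemeral = kdf(self.symmetric, b"ephemeral-key", epoch.to_bytes(4, "big"))

    def sign(self, command: bytes) -> bytes:                 # 335
        return kdf(self.ephemeral, b"signaling", command)

SIGNED = 0x01                                    # hypothetical "signed" flag bit
MUST_BE_SIGNED = (b"WRITE", b"SET_PROTECTION")   # hypothetical receiver policy

def host_frame(host: Endpoint, command: bytes, signed: bool = True) -> bytes:
    """345: flag byte, command and, if signed, a 32-byte tag."""
    return bytes([SIGNED]) + command + host.sign(command) if signed else b"\x00" + command

def memory_handle(memory: Endpoint, frame: bytes) -> str:
    """350 and 360: authenticate, then decide whether to act."""
    if not frame:
        return "rejected"
    flags, body = frame[0], frame[1:]
    if flags & SIGNED:
        command, tag = body[:-32], body[-32:]
        ok = len(tag) == 32 and hmac.compare_digest(tag, memory.sign(command))
        return "performed" if ok else "rejected"
    # The flag is set by the sender, so the receiver's own policy must decide
    # which commands are refused when they arrive unsigned.
    return "rejected" if body.startswith(MUST_BE_SIGNED) else "performed"

def demo() -> dict:
    host = Endpoint(b"constructed-host-secret", b"host content 220")
    memory = Endpoint(b"constructed-memory-secret", b"memory content 280")
    host.receive_public_key(memory.public)
    memory.receive_public_key(host.public)
    for endpoint in (host, memory):
        endpoint.regenerate_ephemeral(1)
    write = b"WRITE 0x1000 deadbeef"
    frame = host_frame(host, write)
    forged = bytes([SIGNED]) + b"WRITE 0x2000 deadbeef" + frame[-32:]
    results = {
        "keys_match": host.symmetric == memory.symmetric,
        "signed_write": memory_handle(memory, frame),
        "altered_write": memory_handle(memory, forged),
        "unsigned_write": memory_handle(memory, host_frame(host, write, signed=False)),
        "unsigned_status": memory_handle(memory, host_frame(host, b"READ_STATUS", signed=False)),
    }
    memory.regenerate_ephemeral(2)               # memory system reset
    results["stale_after_reset"] = memory_handle(memory, frame)
    host.regenerate_ephemeral(2)
    results["fresh_after_reset"] = memory_handle(memory, host_frame(host, write))
    return results
```

The stale frame fails only because the memory system moved to a new ephemeral key; this example carries no counter or nonce in the frame, so within one epoch the same frame would authenticate again.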
In some examples, host system 105-b, memory system 110-b, or both may be configured to exchange response signaling based on (e.g., in response to) the signaling communicated (e.g., in response to signaling of 345). For example, in response to signaling associated with an access command from host system 105-b, memory system 110-b may transmit an acknowledgement of receipt of the command, an indication of whether to perform the command access, an identification of whether the command access was successful or an identification of whether to authenticate the access command or its transmission system, as well as other responsive signaling. In some examples, such a response may include information from the original command to confirm an action, such as returning or reflecting data of the write operation (e.g., unencrypted, encrypted, or hashed) to confirm write accuracy. In some examples (e.g., in response to a read command), such a response may include information from the memory system 110-b (e.g., from the storage device 240), such as requested read data (e.g., unencrypted or encrypted). In various implementations, such responses may be signed, or encrypted, or both signed and encrypted, which may include techniques similar to the operation of 335 and 340, or different operations (e.g., based on configuration or mode of operation, based on the type of signaling associated with such responses).
In some examples, to support authentication of such responses or authentication of transmitters of such responses (e.g., to authenticate the memory system 110-b), at 365, the memory system 110-b may sign the response or at least some portion thereof based at least in part on a private key associated with the memory system 110-b (e.g., calculated using the private key). In some examples, such signatures or the configuration of such signatures may be based on the type or nature of the response. For example, in some implementations, only certain types of response signaling are signed, such as only responses to certain access commands (e.g., responses to read commands, responses to write commands, responses to commands that change protection attributes). In some examples, the signature of 365 may be based at least in part on the symmetric key generated at 330, which may be more secure or more efficient than a signature based on a private key associated with the memory system 110-b.
In some examples, to support the integrity of such responses (e.g., response integrity, information integrity), at 365, the memory system 110-b may encrypt the response, or at least some portion thereof, based at least in part on the symmetric key generated at 330 (e.g., calculated using the symmetric key). In some examples, such encryption or configuration of such encryption may be based on the type or characteristics of the response or associated information. For example, in some implementations, only certain types of response signaling are encrypted, such as only responses to certain access commands (e.g., responses to write commands, responses to read commands, data associated with read commands, responses to commands that change protection attributes).
At 360, the memory system 110-b may transmit a response, at least a portion of which may have been signed, or encrypted, or both signed and encrypted, and which may be received by the host system 105-b. In some examples, the signaling of 370 may include or be accompanied by a flag or other indication that the signaling has been signed, or encrypted, or both signed and encrypted, such as vendor-specific bits accompanying or otherwise associated with the response signaling. Thus, host system 105-b may process such an indication to evaluate whether the received response of 370 may or should be authenticated, decrypted, or both authenticated and decrypted (e.g., for determining whether to trust the response).
For example, at 375, host system 105-b may attempt to authenticate the response signaling of 370 (e.g., to verify or authenticate memory system 110-b as the transmitter of the response). In various examples, authentication evaluation at 375 may be based on a configuration or mode of operation associated with authentication using an asymmetric key or using a symmetric key or both, which may be based on an indication of the signaling of 345 or the response signaling of 370, or of previous signaling from host system 105-b or from memory system 110-b. For example, to support authentication of response signaling or its transmitter, host system 105-b may verify the signaling or at least some portion thereof based at least in part on (e.g., using) the memory system public key received at 320 or based at least in part on the symmetric key generated at 325.
In some examples, host system 105-b may attempt to decrypt the signaling of 370 at 375. In various examples, decryption at 375 may be based on a configuration or mode of operation of host system 105-b, memory system 110-b, or both, or may be based on an indication of signaling of 345 or responsive signaling of 370. For example, to support decryption of response signaling, host system 105-b may decrypt the signaling, or at least some portion thereof, based at least in part on (e.g., using) the symmetric key generated at 325. In some examples, decryption of 375 may be performed only if authentication of 375 is successful.
Fig. 4 shows a block diagram 400 of a host system 420 supporting memory system security and authentication using asymmetric keys, according to an example disclosed herein. Host system 420 may be an example of aspects of the host systems described with reference to fig. 1-3. Host system 420, or various components thereof, may be an example of means for performing various aspects of memory system security and authentication using asymmetric keys as described herein. For example, host system 420 may include a key transmission component 425, a key reception component 430, a signaling transmission component 435, a key management component 440, a response reception component 445, a key storage component 450, or any combination thereof. Each of these components may communicate with each other directly or indirectly (e.g., via one or more buses).
The key transmission component 425 can be configured or otherwise support means for transmitting a public key (e.g., an asymmetric key) associated with the host system 420, wherein the public key is based at least in part on a private key associated with the host system 420. The signaling transmission component 435 can be configured or otherwise support means for transmitting signaling (e.g., to a memory system), wherein at least a portion of the signaling is signed based at least in part on a private key associated with the host system 420. In some examples, the signaling may include commands to access the memory system or commands to modify operating parameters of the memory system.
In some examples, key receiving component 430 may be configured or otherwise support means for receiving a public key associated with a memory system, wherein the public key associated with the memory system is based at least in part on a private key associated with the memory system and different from the public key associated with host system 420. In some examples, the signaling transmission component 435 may be configured to encrypt at least a portion of the signaling based at least in part on a private key associated with host system 420, a public key associated with the memory system, or both.
In some examples, key management component 440 may be configured or otherwise support means for generating a symmetric key based at least in part on a private key associated with host system 420 and a received public key associated with a memory system, and may encrypt at least a portion of the signaling based at least in part on the symmetric key. In some examples, key storage component 450 may be configured or otherwise support means for storing symmetric keys in a non-volatile storage location (e.g., at host system 420 or otherwise in communication with host system 420).
In some examples, key management component 440 may be configured or otherwise support means for generating a second symmetric key (e.g., ephemeral key) based at least in part on the symmetric key, and may encrypt at least a portion of the signaling based at least in part on the second symmetric key. In some examples, key storage component 450 may be configured or otherwise support means for storing the second symmetric key in a volatile storage location (e.g., at host system 420 or otherwise in communication with host system 420). In some examples, generating the second symmetric key may be based at least in part on a memory system power-on or a memory system reset. In some examples, generating the second symmetric key may be based at least in part on the time elapsed since the previous key generation satisfying a threshold. In some examples, the key management component 440 may be configured or otherwise support means for receiving signaling for initiating key generation (e.g., from a memory system), and performing the generation of the second symmetric key in response to the signaling for initiating key generation.
In some examples, a private key associated with host system may be associated with a host entity of host system 420, and key management component 440 may be configured or otherwise enabled to generate a public key associated with host system 420 based at least in part on the private key associated with the host entity of host system 420. In some examples, a public key associated with a host system may be associated with an address range of a memory system. In some examples, the address range may be associated with a memory protection attribute.
In some examples, key management component 440 may be configured or otherwise enabled to generate a public key associated with host system 420 based at least in part on a master host private key and a private key associated with an entity of host system 420.
In some examples, key receiving component 430 may be configured or otherwise support means for receiving a public key associated with a memory system, wherein the public key associated with the memory system is based at least in part on a private key associated with the memory system and different from the public key associated with host system 420. In some examples, response receiving component 445 may be configured or otherwise support means for receiving responses to signaling. In some examples, the response receiving component 445 may be configured or otherwise support means for attempting to authenticate at least a portion of the response based at least in part on a public key associated with the memory system.
Fig. 5 shows a block diagram 500 of a memory system 520 supporting memory system security and authentication using asymmetric keys according to an example disclosed herein. Memory system 520 may be an example of aspects of the memory systems described with reference to fig. 1-3. Memory system 520, or various components thereof, may be an example of means for performing various aspects of memory system security and authentication using asymmetric keys described herein. For example, memory system 520 may include a key transmission component 525, a key reception component 530, a signaling reception component 535, a key management component 540, a response transmission component 545, a key storage component 550, or any combination thereof. Each of these components may communicate with each other directly or indirectly (e.g., via one or more buses).
The key receiving component 530 can be configured or otherwise support means for receiving a public key associated with a host system, wherein the public key associated with the host system is based at least in part on a private key associated with the host system. The signaling receiving component 535 may be configured or otherwise support means for receiving signaling from a host system. In some examples, signaling receiving component 535 may be configured or otherwise support means for determining a response to signaling (e.g., what responsive action to take or whether to take responsive action, such as whether to access memory system 520) based at least in part on an attempt to authenticate at least a portion of the signaling based at least in part on a public key associated with the host system. In some examples, the signaling may include commands to access the memory system 520 or commands to modify operating parameters of the memory system 520.
Key transmission component 525 may be configured or otherwise support means for transmitting a public key (e.g., an asymmetric key) associated with memory system 520, wherein the public key associated with memory system 520 is based at least in part on a private key associated with memory system 520 and is different from a public key associated with a host system. In some examples, signaling receiving component 535 may be configured or otherwise support means for attempting to decrypt at least a portion of the signaling based at least in part on a private key associated with memory system 520, a public key associated with a host system, or both.
In some examples, key management component 540 may be configured or otherwise support means for generating a symmetric key based at least in part on a private key associated with memory system 520 and a public key associated with a host system, and attempting to decrypt at least a portion of the signaling may be based at least in part on the symmetric key. In some examples, key storage component 550 may be configured or otherwise support means for storing symmetric keys in a non-volatile storage location (e.g., at memory system 520 or otherwise in communication with memory system 520).
In some examples, key management component 540 may be configured or otherwise support means for generating a second symmetric key (e.g., ephemeral key) based at least in part on the symmetric key, and attempting to decrypt at least a portion of the signaling may be based at least in part on the second symmetric key. In some examples, key storage component 550 may be configured or otherwise support means for storing a second symmetric key in a volatile storage location (e.g., at memory system 520 or otherwise in communication with memory system 520). In some examples, generating the second symmetric key may be based at least in part on memory system 520 powering up or memory system 520 resetting. In some examples, generating the second symmetric key may be based at least in part on the time elapsed since the previous key generation satisfying a threshold. In some examples, the key management component 540 may be configured or otherwise support means for receiving signaling for initiating key generation (e.g., from a host system), and generating the second symmetric key may be performed in response to the signaling for initiating key generation.
In some examples, a public key associated with a memory system may be associated with an address range of memory system 520. In some examples, the address range may be associated with a memory protection attribute.
In some examples, key transmission component 525 may be configured or otherwise support means for transmitting (e.g., to a host system) a public key associated with memory system 520, wherein the public key associated with memory system 520 is based at least in part on a private key associated with memory system 520 and different from the public key associated with the host system. In some examples, response transmission component 545 may be configured or otherwise support means for transmitting a response to signaling (e.g., to a host system), and may sign at least a portion of the response based at least in part on a private key associated with memory system 520.
In some examples, key management component 540 may be configured or otherwise support means for generating a private key associated with memory system 520 based at least in part on a physical unclonable function at memory system 520.
Fig. 6 shows a flow chart illustrating a method 600 of supporting memory system security and authentication using asymmetric keys according to an example disclosed herein. The operations of method 600 may be implemented by a host system or components thereof as described herein. For example, the operations of method 600 may be performed by the host system described with reference to fig. 1-4. Aspects of the method 600 may be implemented by a controller, as well as other components. Additionally or alternatively, aspects of method 600 may be implemented as instructions stored in memory (e.g., firmware stored in memory of a host system coupled with the host system). For example, the instructions, if executed by a controller, may cause the controller to perform the operations of method 600. In some examples, a host system may execute a set of instructions to control the functional elements of a device to perform the described functions. Additionally or alternatively, the host system may use dedicated hardware to perform aspects of the described functions.
At 605, the method may include transmitting a public key associated with the host system to the memory system, wherein the public key associated with the host system is based at least in part on a private key associated with the host system. The operations of 605 may be performed according to examples as disclosed herein. In some examples, aspects of the operation of 605 may be performed by key transmission component 425 described with reference to fig. 4.
At 610, the method may include transmitting signaling to a memory system, wherein at least a portion of the signaling is signed based at least in part on a private key associated with a host system. The operations of 610 may be performed according to examples as disclosed herein. In some examples, aspects of the operation of 610 may be performed by signaling component 435 described with reference to fig. 4.
In some examples, an apparatus as described herein may perform one or more methods, such as method 600. An apparatus may include features, circuitry, logic, means, or instructions (e.g., a non-transitory computer-readable medium storing instructions executable by a processor) or any combination thereof for performing the following aspects of the disclosure:
Aspect 1: a method or apparatus comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: transmitting a public key associated with a host system to a memory system, wherein the public key associated with the host system is based at least in part on a private key associated with the host system; and transmitting signaling to the memory system, wherein at least a portion of the signaling is signed by the host system based at least in part on the private key associated with the host system.
Aspect 2: the method of aspect 1, wherein the signaling includes a command to access the memory system or a command to modify an operating parameter of the memory system.
Aspect 3: the method or apparatus of any of aspects 1-2, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: receiving a public key associated with the memory system, wherein the public key associated with the memory system is based at least in part on a private key associated with the memory system and is different from the public key associated with the host system; and encrypting at least a portion of the signaling based at least in part on the private key associated with the host system, the public key associated with the memory system, or both.
Aspect 4: the method or apparatus of aspect 3, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating a symmetric key based at least in part on the private key associated with the host system and the public key associated with the memory system, wherein the at least a portion of the signaling is encrypted based at least in part on the symmetric key.
Aspect 5: the method or apparatus of aspect 4, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: storing the generated symmetric key in a non-volatile storage location.
Aspect 6: the method or apparatus of any of aspects 4-5, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating a second symmetric key based at least in part on the symmetric key, wherein the at least a portion of the signaling is encrypted based at least in part on the second symmetric key.
Aspect 7: the method or apparatus of aspect 6, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: storing the generated second symmetric key in a volatile storage location.
Aspect 8: the method or apparatus of any of aspects 6-7, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating the second symmetric key based at least in part on the memory system powering on or the memory system resetting.
Aspect 9: the method or apparatus of any of aspects 6-8, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating the second symmetric key based at least in part on the time elapsed since the previous key generation meeting a threshold.
Aspect 10: the method or apparatus of any of aspects 6-9, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: receiving signaling to initiate key generation (e.g., from a memory system); and generating the second symmetric key in response to the signaling to initiate the key generation.
Aspect 11: the method or apparatus of any of aspects 4-10, wherein the private key is associated with a host entity of the apparatus, the method or apparatus further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating the public key associated with the host system based at least in part on the private key associated with the host entity of the host system.
Aspect 12: the method or apparatus of any of aspects 4-11, wherein the public key or the symmetric key associated with the host system is associated with an address range of the memory system.
Aspect 13: the method or apparatus of aspect 12, wherein the address range is associated with a memory protection attribute.
Aspect 14: the method or apparatus of any of aspects 1-13, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating the public key associated with the host system based at least in part on a master host private key and a private key associated with an entity of the host system.
Aspect 15: the method or apparatus of any of aspects 1-14, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: receiving a public key associated with the memory system, wherein the public key associated with the memory system is based at least in part on a private key associated with the memory system and is different from the public key associated with the host system; receiving a response to the signaling; and attempting to authenticate at least a portion of the response based at least in part on the public key associated with the memory system.
Fig. 7 shows a flow chart illustrating a method 700 of supporting memory system security and authentication using asymmetric keys according to an example disclosed herein. The operations of method 700 may be implemented by a memory system or components thereof as described herein. For example, the operations of method 700 may be performed by the memory systems described with reference to fig. 1-3 and 5. Aspects of the method 700 may be implemented by a controller, as well as other components. Additionally or alternatively, aspects of method 700 may be implemented as instructions stored in a memory (e.g., firmware stored in a memory of a memory system coupled with the memory system). For example, the instructions, if executed by a controller, may cause the controller to perform the operations of method 700. In some examples, a memory system may execute a set of instructions to control functional elements of a device to perform the described functions. Additionally or alternatively, the memory system may use dedicated hardware to perform aspects of the described functions.
At 705, the method may include receiving a public key associated with a host system (e.g., at a memory system), wherein the public key associated with the host system is based at least in part on a private key associated with the host system. Operations of 705 may be performed according to examples as disclosed herein. In some examples, aspects of the operations of 705 may be performed by key receiving component 530 described with reference to fig. 5.
At 710, the method may include receiving signaling (e.g., at a memory system) from a host system. Operations of 710 may be performed according to examples as disclosed herein. In some examples, aspects of the operation of 710 may be performed by the signaling reception component 535 described with reference to fig. 5.
At 715, the method may include determining a response to the signaling based at least in part on an attempt to authenticate at least a portion of the signaling based at least in part on a public key associated with the host system. The operations of 715 may be performed according to examples as disclosed herein. In some examples, aspects of the operations of 715 may be performed by the signaling reception component 535 described with reference to fig. 5.
In some examples, an apparatus as described herein may perform one or more methods, such as method 700. An apparatus may include features, circuitry, logic, means, or instructions (e.g., a non-transitory computer-readable medium storing instructions executable by a processor) or any combination thereof for performing the following aspects of the disclosure:
Aspect 16: a method or apparatus comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: receiving, at a memory system, a public key associated with a host system, wherein the received public key associated with the host system is based at least in part on a private key associated with the host system; receiving signaling from the host system at the memory system; and determining, at the memory system, a response to the signaling based at least in part on an attempt to authenticate at least a portion of the signaling, wherein the attempt to authenticate the at least a portion of the signaling is based at least in part on the public key associated with the host system.
Aspect 17: the method of aspect 16, wherein the signaling includes a command to access the memory system or a command to modify an operating parameter of the memory system.
Aspect 18: the method or apparatus of any of aspects 16-17, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: transmitting a public key associated with the memory system, wherein the public key associated with the memory system is based at least in part on a private key associated with the memory system and is different from the public key associated with the host system; and attempting to decrypt at least a portion of the signaling based at least in part on the private key associated with the memory system and the public key associated with the host system, or both.
Aspect 19: the method or apparatus of aspect 18, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating a symmetric key based at least in part on the private key associated with the memory system and the public key associated with the host system, wherein the attempting to decrypt the at least a portion of the signaling is based at least in part on the symmetric key.
Aspect 20: the method or apparatus of aspect 19, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating a second symmetric key based at least in part on the symmetric key, wherein attempting to decrypt the at least a portion of the signaling is based at least in part on the second symmetric key.
Aspect 21: the method or apparatus of aspect 20, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating the second symmetric key based at least in part on the memory system powering on or the memory system resetting.
Aspect 22: the method or apparatus of any of aspects 20-21, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating the second symmetric key based at least in part on the time elapsed since the previous key generation meeting a threshold.
Aspect 23: the method or apparatus of any of aspects 20-22, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: receiving signaling to initiate key generation from a host system; and generating the second symmetric key in response to the signaling to initiate the key generation.
Aspect 24: the method or apparatus of any of aspects 19-23, wherein the public key or the symmetric key associated with the memory system is associated with an address range of the memory system.
Aspect 25: the method or apparatus of aspect 24, wherein the address range is associated with a memory protection attribute.
Aspect 26: the method or apparatus of any of aspects 16-15, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: transmitting (e.g., to the host system) a public key associated with the memory system, wherein the public key associated with the memory system is based at least in part on a private key associated with the memory system and is different from the public key associated with the host system; and transmitting a response to the signaling, wherein at least a portion of the response is signed based at least in part on the private key associated with the memory system.
Aspect 27: the method or apparatus of any of aspects 16-26, further comprising operations, features, circuitry, logic, means, or instructions, or any combination thereof, for: generating the private key associated with the memory system based at least in part on a physical unclonable function at the memory system.
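The following Go model is an added illustration, not part of the patent text or of any vendor implementation. It walks through the exchange of aspects 1-6 and 16-20: each side derives the symmetric key from its own private key and the peer public key, derives the second symmetric key from it at each boot, and the memory system authenticates signed signaling before attempting decryption. The algorithms (ECDSA and ECDH on P-256, SHA-256, HMAC-SHA-256, AES-256-GCM), the message layout, the per-boot value and the command string are assumptions, since the text names none of them.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Signaling is one host-to-memory-system message (layout is an assumption).
type Signaling struct{ Nonce, Ciphertext, Sig []byte }

// Endpoint is either side. One P-256 pair both signs and does key agreement,
// as in the text; many designs keep separate pairs for the two uses.
// Pair and Rekey must succeed before Send or Receive is called.
type Endpoint struct {
	priv     *ecdsa.PrivateKey
	peer     *ecdsa.PublicKey
	longTerm []byte      // symmetric key (would sit in non-volatile storage)
	session  cipher.AEAD // second symmetric key (volatile; set by Rekey)
}

// Pair derives the symmetric key from own private key and peer public key.
func (e *Endpoint) Pair(peer *ecdsa.PublicKey) error {
	sk, e1 := e.priv.ECDH()
	pk, e2 := peer.ECDH()
	if err := errors.Join(e1, e2); err != nil {
		return err
	}
	shared, err := sk.ECDH(pk)
	if err == nil {
		sum := sha256.Sum256(shared)
		e.peer, e.longTerm = peer, sum[:]
	}
	return err
}

// Rekey derives the second symmetric key from the symmetric key and a per-boot
// value (hypothetical: exchanged in the clear at power-up or reset).
func (e *Endpoint) Rekey(bootValue []byte) error {
	m := hmac.New(sha256.New, e.longTerm)
	m.Write(bootValue)
	b, err := aes.NewCipher(m.Sum(nil))
	if err == nil {
		e.session, err = cipher.NewGCM(b)
	}
	return err
}

// Send (host side): encrypt under the second key, then sign the ciphertext.
func (e *Endpoint) Send(cmd []byte) (s Signaling, err error) {
	s.Nonce = make([]byte, e.session.NonceSize())
	if _, err = rand.Read(s.Nonce); err != nil {
		return s, err
	}
	s.Ciphertext = e.session.Seal(nil, s.Nonce, cmd, nil)
	h := sha256.Sum256(s.Ciphertext)
	s.Sig, err = ecdsa.SignASN1(rand.Reader, e.priv, h[:])
	return s, err
}

// Receive (memory-system side): authenticate with the host public key, then decrypt.
func (e *Endpoint) Receive(s Signaling) ([]byte, error) {
	h := sha256.Sum256(s.Ciphertext)
	if len(s.Nonce) != e.session.NonceSize() || !ecdsa.VerifyASN1(e.peer, h[:], s.Sig) {
		return nil, errors.New("signaling failed authentication")
	}
	return e.session.Open(nil, s.Nonce, s.Ciphertext, nil)
}

// Demo returns the accepted command, then whether tampered and pre-reset signaling failed.
func Demo() (string, bool, bool, error) {
	hk, e1 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	mk, e2 := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err := errors.Join(e1, e2); err != nil {
		return "", false, false, err
	}
	host, mem := &Endpoint{priv: hk}, &Endpoint{priv: mk}
	boot := []byte("constructed-boot-value-1")
	err := errors.Join(host.Pair(&mk.PublicKey), mem.Pair(&hk.PublicKey), host.Rekey(boot), mem.Rekey(boot))
	if err != nil {
		return "", false, false, err
	}
	msg, sErr := host.Send([]byte("SET_WRITE_PROTECT 0x1000-0x1fff")) // constructed command
	got, rErr := mem.Receive(msg)
	bad := Signaling{msg.Nonce, append([]byte{1}, msg.Ciphertext...), msg.Sig}
	_, tamperErr := mem.Receive(bad)
	kErr := mem.Rekey([]byte("constructed-boot-value-2")) // memory system reset
	_, staleErr := mem.Receive(msg)
	return string(got), tamperErr != nil, staleErr != nil, errors.Join(sErr, rErr, kErr)
}

func main() { fmt.Println(Demo()) }
```

The last check in `Demo` shows why the second symmetric key is kept volatile: signaling captured before a reset still carries a valid host signature, but it no longer decrypts once the memory system has derived a new second key.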
It should be noted that the methods described above describe possible embodiments, and that the operations and steps may be rearranged or otherwise modified, and that other embodiments are possible. In addition, portions from two or more of the methods may be combined.
Any of a number of different techniques and technologies may be used to represent the information and signals described herein. For example, data, instructions, commands, information, signals, bits, symbols, and chips that may be referenced throughout the above description may be represented by voltages, currents, electromagnetic waves, magnetic fields or particles, optical fields or particles, or any combination thereof. Some figures may illustrate signals as a single signal; however, the signals may represent buses of signals, where the buses may have various bit widths.
The terms "electronic communication," "conductive contact," "connection," and "coupling" may refer to a relationship between components that supports the flow of signals between the components. Components are considered to be in electronic communication with each other (or in conductive contact with each other, or connected to each other, or coupled to each other) if there are any conductive paths between the components that can support the flow of signals between the components at any time. At any given time, the conductive paths between components in electronic communication with each other (or in conductive contact with each other, or connected to each other, or coupled to each other) may be open or closed based on the operation of the device containing the connected components. The conductive paths between connected components may be direct conductive paths between components or the conductive paths between connected components may be indirect conductive paths, which may include intermediate components such as switches, transistors, or other components. In some examples, signal flow between connected components may be interrupted for a period of time, for example, using one or more intermediate components such as switches or transistors.
The term "coupled" refers to a condition that moves from an open circuit relationship between components, in which a signal is not currently able to pass between the components via a conductive path, to a closed circuit relationship between components, in which a signal is able to pass between the components via the conductive path. If a component, such as a controller, couples other components together, the component initiates a change that allows a signal to flow between the other components via a conductive path that previously did not permit the signal to flow.
The term "isolated" refers to a relationship between components in which signals cannot currently flow between the components. If there is an open circuit between the components, the components are isolated from each other. For example, if the switch is open, the components separated by the switch positioned between the two components are isolated from each other. If the controller isolates the two components, the controller implements the following changes: signals are prevented from flowing between components using conductive paths that previously permitted signal flow.
The terms "if," "when …," "based on," or "based at least in part on" are used interchangeably. In some examples, the terms are interchangeable if the terms "if," "when …," "based on," or "based at least in part on" are used to describe a conditional action, a conditional process, or a connection between portions of a process.
The term "responsive to" may refer to a condition or action that occurs at least partially (if not completely) as a result of a previous condition or action. For example, a first condition or action may be performed and a second condition or action may occur at least in part as a result of a previous condition or action occurring (whether directly after the first condition or action or after one or more other intermediate conditions or actions occurring after the first condition or action).
In addition, the term "directly in response to" or "in direct response to" may refer to a condition or action that occurs as a direct result of a prior condition or action. In some examples, a first condition or action may be performed and a second condition or action may occur directly as a result of a previous condition or action occurring independent of whether other conditions or actions occur. In some examples, a first condition or action may be performed and a second condition or action may occur directly as a result of a previous condition or action occurring such that no other intermediate condition or action occurs between the earlier condition or action and the second condition or action, or a limited number of one or more intermediate steps or actions occur between the earlier condition or action and the second condition or action. Any condition or action described herein as being performed "based on," "based at least in part on," or "in response to" some other step, action, event, or condition may additionally or alternatively (e.g., in alternative examples) be performed "in direct response to" or "directly in response to" such other condition or action, unless otherwise specified.
The devices discussed herein, including memory arrays, may be formed on semiconductor substrates such as silicon, germanium, silicon-germanium alloys, gallium arsenide, gallium nitride, and the like. In some examples, the substrate is a semiconductor wafer. In some other examples, the substrate may be a silicon-on-insulator (SOI) substrate, such as silicon-on-glass (SOG) or silicon-on-sapphire (SOP), or an epitaxial layer of semiconductor material on another substrate. The conductivity of the substrate or sub-regions of the substrate may be controlled by doping with various chemical species including, but not limited to, phosphorus, boron, or arsenic. Doping may be performed during initial formation or growth of the substrate by ion implantation, or by any other doping means.
The switching components or transistors discussed herein may represent Field Effect Transistors (FETs) and include three terminal devices including a source, a drain, and a gate. The terminals may be connected to other electronic components by conductive material such as metal. The source and drain may be conductive and may include heavily doped (e.g., degenerate) semiconductor regions. The source and drain may be separated by a lightly doped semiconductor region or channel. If the channel is n-type (i.e., most of the carriers are electrons), the FET may be referred to as an n-type FET. If the channel is p-type (i.e., most of the carriers are holes), the FET may be referred to as a p-type FET. The channels may be capped with an insulating gate oxide. Channel conductivity can be controlled by applying a voltage to the gate. For example, applying a positive or negative voltage to an n-type FET or a p-type FET, respectively, may cause the channel to become conductive. A transistor may be "on" or "activated" if a voltage greater than or equal to the threshold voltage of the transistor is applied to the transistor gate. In the case where a voltage less than the threshold voltage of the transistor is applied to the transistor gate, the transistor may be "turned off" or "deactivated".
The description set forth herein in connection with the appended drawings describes example configurations and is not intended to represent all examples that may be practiced or that are within the scope of the claims. The term "exemplary" as used herein means "serving as an example, instance, or illustration," and not "preferred" or "advantageous over" other examples. The detailed description includes specific details that provide an understanding of the described technology. However, the techniques may be practiced without these specific details. In some instances, well-known structures and devices are shown in block diagram form in order to avoid obscuring the concepts of the described examples.
In the drawings, similar components or features may have the same reference numerals. Furthermore, various components of the same type may be distinguished by following the reference label by a short dash and a second label that distinguishes among the similar components. If only the first reference label is used in the specification, the description applies to any one of the similar components having the same first reference label, irrespective of the second reference label.
The functions described herein may be implemented in hardware, software executed by a processor, firmware, or any combination thereof. If implemented in software that is executed by a processor, the functions may be stored on or transmitted over as one or more instructions or code on a computer-readable medium. Other examples and implementations are within the scope of the disclosure and the appended claims. For example, due to the nature of software, the functions described above may be implemented using software executed by a processor, hardware, firmware, hardwired, or a combination of any of these. Features that implement the functions may also be physically located at various locations, including being distributed such that portions of the functions are implemented at different physical locations.
For example, the various illustrative blocks and components described in connection with the disclosure herein may be implemented or performed with a general purpose processor, DSP, ASIC, FPGA or other programmable logic device, discrete gate or transistor logic, discrete hardware components, or any combination thereof designed to perform the functions described herein. The general purpose processor may be a microprocessor; but, in the alternative, the processor may be any processor, controller, microcontroller, or state machine. A processor may be implemented as a combination of computing devices (e.g., a combination of a DSP and a microprocessor, a plurality of microprocessors, one or more microprocessors in conjunction with a DSP core, or any other such configuration).
As used herein (including in the claims), an "or" as used in a list of items (e.g., a list of items beginning with a phrase such as "at least one of" or "one or more of") indicates an inclusive list such that, for example, a list of at least one of A, B or C means A or B or C or AB or AC or BC or ABC (i.e., A and B and C). In addition, as used herein, the phrase "based on" should not be understood to refer to a closed set of conditions. For example, exemplary steps described as "based on condition A" may be based on both condition A and condition B without departing from the scope of the present disclosure. In other words, as used herein, the phrase "based on" should be interpreted in the same manner as the phrase "based at least in part on".
Computer-readable media includes both non-transitory computer storage media and communication media including any medium that facilitates transfer of a computer program from one place to another. Non-transitory storage media may be any available media that can be accessed by a general purpose or special purpose computer. By way of example, and not limitation, non-transitory computer-readable media can comprise RAM, ROM, electrically erasable programmable read-only memory (EEPROM), compact disk (CD) ROM or other optical disk storage, magnetic disk storage or other magnetic storage devices, or any other non-transitory medium that can be used to carry or store desired program code means in the form of instructions or data structures and that can be accessed by a general-purpose or special-purpose computer or a general-purpose or special-purpose processor. Also, any connection is properly termed a computer-readable medium. For example, if the software is transmitted from a website, server, or other remote source using a coaxial cable, fiber optic cable, twisted pair, digital subscriber line (DSL), or wireless technologies such as infrared, radio, and microwave, then the coaxial cable, fiber optic cable, twisted pair, DSL, or wireless technologies such as infrared, radio, and microwave are included in the definition of medium. Disk and disc, as used herein, include CD, laser disc, optical disc, digital versatile disc (DVD), floppy disk and Blu-ray disc, where disks usually reproduce data magnetically, while discs reproduce data optically with lasers. Combinations of the above should also be included within the scope of computer-readable media.
The description herein is provided to enable any person skilled in the art to make or use the disclosure. Various modifications to the disclosure will be readily apparent to those skilled in the art, and the generic principles defined herein may be applied to other variations without departing from the spirit or scope of the disclosure. Thus, the disclosure is not limited to the examples and designs described herein but is to be accorded the widest scope consistent with the principles and novel features disclosed herein.

Claims (25)

1. An apparatus, comprising:
a controller configured to couple with a memory system, wherein the controller is configured to cause the apparatus to:
transmit a public key associated with the device to the memory system, wherein the public key associated with the device is based at least in part on a private key associated with the device; and
transmit signaling to the memory system, wherein at least a portion of the signaling is signed by the device based at least in part on the private key associated with the device.
2. The apparatus of claim 1, wherein the signaling comprises a command to access the memory system or a command to modify an operating parameter of the memory system.
3. The apparatus of claim 1, wherein the controller is configured to cause the apparatus to:
receive a public key associated with the memory system, wherein the public key associated with the memory system is based at least in part on a private key associated with the memory system and different from the public key associated with the device; and
encrypt at least a portion of the signaling based at least in part on the private key associated with the device, the public key associated with the memory system, or both.
4. The apparatus of claim 3, wherein the controller is configured to cause the apparatus to:
a symmetric key is generated based at least in part on the private key associated with the device and the public key associated with the memory system, wherein the at least a portion of the signaling is encrypted based at least in part on the symmetric key.
5. The apparatus of claim 4, wherein the controller is configured to cause the apparatus to:
the symmetric key is stored in a non-volatile storage location.
6. The apparatus of claim 4, wherein the controller is configured to cause the apparatus to:
A second symmetric key is generated that is based at least in part on the symmetric key, wherein the at least a portion of the signaling is encrypted based at least in part on the second symmetric key.
7. The apparatus of claim 6, wherein the controller is configured to cause the apparatus to:
the second symmetric key is stored in a volatile storage location.
8. The apparatus of claim 6, wherein the controller is configured to cause the apparatus to:
the second symmetric key is generated based at least in part on the memory system powering on, the memory system resetting, or time elapsed since a previous key generation meeting a threshold.
9. The apparatus of claim 6, wherein the controller is configured to cause the apparatus to:
receiving signaling from the memory system to initiate key generation; a kind of electronic device with high-pressure air-conditioning system
The second symmetric key is generated in response to the signaling initiating the key generation.
10. The apparatus of claim 4, wherein the private key is associated with a host entity of the apparatus, and wherein the controller is configured to cause the apparatus to:
the public key associated with the device is generated based at least in part on the private key associated with the host entity of the device.
11. The apparatus of claim 4, wherein the public key or the symmetric key associated with the apparatus is associated with an address range of the memory system.
12. The apparatus of claim 1, wherein the controller is configured to cause the apparatus to:
generate the public key associated with the device based at least in part on a master host private key of the device and a private key associated with a host entity of the device.
13. The apparatus of claim 1, wherein the controller is configured to cause the apparatus to:
receive a public key associated with the memory system, wherein the public key associated with the memory system is based at least in part on a private key associated with the memory system and different from the public key associated with the device;
receive a response to the signaling; and
attempt to authenticate at least a portion of the response based at least in part on the public key associated with the memory system.
14. An apparatus, comprising:
a memory device; and
a controller coupled with the memory device and configured to cause the apparatus to:
receive a public key associated with a host system, wherein the public key associated with the host system is based at least in part on a private key associated with the host system;
receive signaling from the host system; and
determine a response to the signaling based at least in part on an attempt to authenticate at least a portion of the signaling, wherein the attempt to authenticate the at least a portion of the signaling is based at least in part on the public key associated with the host system.
15. The apparatus of claim 14, wherein the signaling comprises a command to access the memory device or a command to modify an operating parameter of the apparatus.
16. The apparatus of claim 14, wherein the controller is configured to cause the apparatus to:
transmit a public key associated with the device, wherein the public key associated with the device is based at least in part on a private key associated with the device and different from the public key associated with the host system; and
attempt to decrypt at least a portion of the signaling based at least in part on the private key associated with the device, the public key associated with the host system, or both.
17. The apparatus of claim 16, wherein the controller is configured to cause the apparatus to:
generate a symmetric key based at least in part on the private key associated with the device and the public key associated with the host system, wherein the attempting to decrypt the at least a portion of the signaling is based at least in part on the symmetric key.
18. The apparatus of claim 17, wherein the controller is configured to cause the apparatus to:
generate a second symmetric key based at least in part on the symmetric key, wherein attempting to decrypt the at least a portion of the signaling is based at least in part on the second symmetric key.
19. The apparatus of claim 18, wherein the controller is configured to cause the apparatus to:
generate the second symmetric key based at least in part on the device powering up, the device resetting, or time elapsed since a previous key generation meeting a threshold.
20. The apparatus of claim 18, wherein the controller is configured to cause the apparatus to:
receive signaling from the host system to initiate key generation; and
generate the second symmetric key in response to received signaling that initiates the key generation.
21. The apparatus of claim 17, wherein the public key or the symmetric key associated with the apparatus is associated with an address range of the memory device.
22. The apparatus of claim 14, wherein the controller is configured to cause the apparatus to:
transmit a public key associated with the device, wherein the public key associated with the device is based at least in part on a private key associated with the device and different from the public key associated with the host system; and
transmit a response to the signaling, wherein at least a portion of the response is signed by the device based at least in part on the private key associated with the device.
23. The apparatus of claim 14, wherein the controller is configured to cause the apparatus to:
generate the private key associated with the device based at least in part on a physical unclonable function at the device.
24. A non-transitory computer-readable medium storing code comprising instructions that, when executed by a processor of an electronic device, cause the electronic device to:
transmit, by a host system, a public key associated with the host system, wherein the public key is based at least in part on a private key associated with the host system; and
transmit signaling to a memory system by the host system, wherein at least a portion of the signaling is signed by the host system based at least in part on the private key associated with the host system.
25. A non-transitory computer-readable medium storing code comprising instructions that, when executed by a processor of an electronic device, cause the electronic device to:
receive, at a memory system, a public key associated with a host system, wherein the public key associated with the host system is based at least in part on a private key associated with the host system;
receive signaling from the host system at the memory system; and
determine a response to the signaling based at least in part on an attempt to authenticate at least a portion of the signaling, wherein the attempt to authenticate the at least a portion of the signaling is based at least in part on the public key associated with the host system.
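The key hierarchy of claims 4 to 9 and 17 to 20, as an added example that is not part of the patent or of any vendor implementation: each side combines its own private key with the peer's public key into a first symmetric key, then derives a volatile second key that is regenerated on power-up, reset, or age. The claims name no algorithm; X25519, HKDF-SHA256, the rekey nonce carried in the key-generation signaling, the one-hour threshold and all identifiers are assumptions.

```python
# Assumed primitives (not named in the claims): X25519 + HKDF-SHA256.
import hashlib, hmac
P, A24 = 2**255 - 19, 121665
BASE = (9).to_bytes(32, "little")

def x25519(k: bytes, u: bytes) -> bytes:
    """RFC 7748 ladder; not constant-time. Clamped low bit is 0: no final swap."""
    s = (int.from_bytes(k, "little") & ((1 << 255) - 8)) | (1 << 254)  # clamp
    x1 = int.from_bytes(u, "little") & ((1 << 255) - 1)
    x2, z2, x3, z3, swap = 1, 0, x1, 1, 0
    for t in reversed(range(255)):
        bit = (s >> t) & 1
        if swap ^ bit:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = bit
        a, b, c, d = (x2 + z2) % P, (x2 - z2) % P, (x3 + z3) % P, (x3 - z3) % P
        aa, bb, da, cb = a * a % P, b * b % P, d * a % P, c * b % P
        e = (aa - bb) % P
        x3, z3 = (da + cb) ** 2 % P, x1 * (da - cb) ** 2 % P
        x2, z2 = aa * bb % P, e * (aa + A24 * e) % P
    return (x2 * pow(z2, P - 2, P) % P).to_bytes(32, "little")

def hkdf(ikm: bytes, salt: bytes, info: bytes) -> bytes:
    """HKDF-SHA256 (RFC 5869), one 32-byte output block."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    return hmac.new(prk, info + b"\x01", hashlib.sha256).digest()

class Endpoint:
    """Host system or memory system; both run the same derivation."""
    def __init__(self, priv: bytes, max_age_s: float = 3600.0):
        self.priv, self.pub = priv, x25519(priv, BASE)
        self.static_key = None    # first symmetric key: non-volatile (claim 5)
        self.session_key = None   # second symmetric key: volatile (claim 7)
        self.born, self.max_age_s = 0.0, max_age_s

    def pair(self, peer_pub: bytes) -> None:
        shared = x25519(self.priv, peer_pub)   # own private + peer public key
        if shared == bytes(32):
            raise ValueError("rejecting low-order peer public key")
        self.static_key = hkdf(shared, b"", b"static" + b"".join(sorted([self.pub, peer_pub])))

    def power_cycle(self) -> None:
        self.session_key = None   # the volatile key does not survive a reset

    def needs_rekey(self, now: float) -> bool:
        return self.session_key is None or now - self.born >= self.max_age_s

    def rekey(self, nonce: bytes, now: float) -> None:
        self.session_key, self.born = hkdf(self.static_key, nonce, b"session"), now
```

Because the second key is derived from the stored first key and a fresh nonce, a reset costs one HKDF call rather than another public-key exchange.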
CN202211273137.5A 2021-10-22 2022-10-18 Memory system security and authentication using asymmetric keys Pending CN116015615A (en)

Applications Claiming Priority (4)

Application Number Priority Date Filing Date Title
US202163270798P 2021-10-22 2021-10-22
US63/270,798 2021-10-22
US17/663,123 2022-05-12
US17/663,123 US20230129728A1 (en) 2021-10-22 2022-05-12 Memory system security and authentication using asymmetric keys

Publications (1)

Publication Number Publication Date
CN116015615A (en) 2023-04-25

Family

ID=86025632

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202211273137.5A Pending CN116015615A (en) 2021-10-22 2022-10-18 Memory system security and authentication using asymmetric keys

Country Status (2)

Country Link
US (1) US20230129728A1 (en)
CN (1) CN116015615A (en)

Also Published As

Publication number Publication date
US20230129728A1 (en) 2023-04-27

Similar Documents

Publication Publication Date Title
US11784827B2 (en) In-memory signing of messages with a personal identifier
US11783044B2 (en) Endpoint authentication based on boot-time binding of multiple components
US20230129539A1 (en) Authenticated modification of memory system data
CN116011001A (en) Authentication reading of memory system data
US11917059B2 (en) Batch transfer of control of memory devices over computer networks
US20230367575A1 (en) Techniques for managing offline identity upgrades
US20220231838A1 (en) Server System to Control Memory Devices over Computer Networks
US20220231858A1 (en) Control of Memory Devices over Computer Networks
CN115391844A (en) Secure key storage device
US20220070004A1 (en) Memory write access control
US20230129728A1 (en) Memory system security and authentication using asymmetric keys
US20230127278A1 (en) Multi-factor authentication for a memory system based on internal asymmetric keys
US20230125636A1 (en) Use of a physically unclonable function to generate a memory identifier
US20230367489A1 (en) Performing cryptographic functions at a memory system
US11968296B2 (en) Utilization of a memory device for per-user encryption
US11677560B2 (en) Utilization of a memory device as security token
US20230103736A1 (en) Sharing keys with authorized users
US20240146525A1 (en) Batch Transfer of Control of Memory Devices over Computer Networks
US20230353391A1 (en) Remote provisioning of certificates for memory system provenance
CN116361802A (en) Security configuration for partitioned computing architecture

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination